> No, I only want the http request made for logins secured, but our
> client does not like the idea of using SSL.

This illustrates the problem with rolling your own security - if you only
secure the login process, what's to stop someone from capturing the token
generated from a successful login and sending it themselves?

What exactly is it that your client doesn't trust about SSL? You (and your
client) will probably be better off if you can convince him that SSL is more
likely to be adequately secure than whatever other solution you can build.

Dave Watts, CTO, Fig Leaf Software
http://www.figleaf.com/
phone: 202-797-5496
fax: 202-797-5444
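An added example, not part of the original message: a defender-side check for the gap described above, flagging any exchange where the post-login token is issued without the `Secure` attribute or travels over plain HTTP. It assumes the token is carried in a cookie; the cookie name `SESSIONID` and the traffic records are constructed for illustration.

```python
from http.cookies import SimpleCookie

# Constructed sample traffic: (scheme, direction, header name, header value).
# Only the login exchange is protected; later requests use plain HTTP.
SAMPLE_TRAFFIC = [
    ("https", "response", "Set-Cookie", "SESSIONID=abc123; Path=/; HttpOnly"),
    ("http", "request", "Cookie", "SESSIONID=abc123; theme=dark"),
    ("http", "request", "Cookie", "theme=dark"),
    ("https", "request", "Cookie", "SESSIONID=abc123"),
]


def find_token_exposures(traffic, token_names=("SESSIONID",)):
    """Return (index, cookie name, reason) for each place a session token
    could be read off the wire and replayed by someone else."""
    findings = []
    for index, (scheme, _direction, header, value) in enumerate(traffic):
        header = header.lower()
        if header not in ("cookie", "set-cookie"):
            continue
        jar = SimpleCookie()
        jar.load(value)
        for name, morsel in jar.items():
            if name not in token_names:
                continue
            # Without Secure, the browser attaches the token to http:// requests too.
            if header == "set-cookie" and not morsel["secure"]:
                findings.append((index, name, "issued without Secure attribute"))
            # Any cleartext hop exposes the token, however the login was protected.
            if scheme != "https":
                findings.append((index, name, "sent over cleartext HTTP"))
    return findings


if __name__ == "__main__":
    for finding in find_token_exposures(SAMPLE_TRAFFIC):
        print(finding)
```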
