On 13 May 08, at 17:40, Matt Burnett wrote:
Now your talking about hackers instead of spammers. It is hard to sniff a HTTP session, you have to penetrate your victim's network enough to be able to do so.
You're assuming that the application is only ever used in a trusted environment, which is unlikely to be the case. If an attacker can download a copy of the application, there is no way to prevent them from reusing credentials which are embedded in it.
_______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [EMAIL PROTECTED]