On Thu, Jul 06, 2006 at 03:23:40PM +0200, Rogier Krieger wrote: > On 7/6/06, Bernd Schoeller <[EMAIL PROTECTED]> wrote: > >On Thu, Jul 06, 2006 at 01:33:52PM +0200, [EMAIL PROTECTED] > >wrote: > >> Is there any way to combine htaccess with one-time-pads? > > > >Looks like a difficult task, as http is not session based. So, the > >brower would ask for a new OTP on every GET request. > > Sounds like a good point. I'd suppose adding session information in > the web service (e.g. using Perl's Apache::Session, PHP, etc.) can > alleviate that problem. Or am I in need of a good clue by four here?
No, this should work. Just be sure to actually use sessions that work - far too many can be trivially spoofed. Joachim