On Thu, Jul 06, 2006 at 03:23:40PM +0200, Rogier Krieger wrote:
> On 7/6/06, Bernd Schoeller <[EMAIL PROTECTED]> wrote:
> >On Thu, Jul 06, 2006 at 01:33:52PM +0200, [EMAIL PROTECTED]
> >wrote:
> >> Is there any way to combine htaccess with one-time-pads?
> >
> >Looks like a difficult task, as http is not session based. So, the
> >brower would ask for a new OTP on every GET request.
>
> Sounds like a good point. I'd suppose adding session information in
> the web service (e.g. using Perl's Apache::Session, PHP, etc.) can
> alleviate that problem. Or am I in need of a good clue by four here?
No, this should work. Just be sure to actually use sessions that work -
far too many can be trivially spoofed.
Joachim
