What if the user added his username and password to the URL? If they are
valid the application could add those parameters to all links/form
actions, but the plaintext password would be replaced with some parameter
that would be good for the next access and expire after a specified period
of time. The initial URL could be generated from a fill-out form.

-Todd

On Tue, 17 Oct 2000, John Saylor wrote:

> Hi
> 
> ----- Original Message -----
> From: "Ian Frawley" <[EMAIL PROTECTED]>
> 
> 
> > Is it not just possible through a perl module as I am not very clued up on
> > digital certificates.
> 
> Well, you have to have some credentials- and if it's not a cookie [bad
> idea anyway], and if it's not a username/password- what would it be?
> 
> You could have IP address based authentication, but this is probably
> more prone to misconfiguration and forgery than digital certificates.
> 
> How important is access control to your application? In other words,
> where is the line on how much effort you [and your users] are going to
> put into security at the expense of convenience?
> 
> \js
> 
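
The scheme suggested at the top of this message (check the username and password once, then carry an expiring parameter in the links instead of the password), sketched as an added example that is not code from anyone in the thread. The key, lifetime, token layout and function names are assumptions made for illustration; a server would call issue_token again on each verified request to hand out the parameter for the next access.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed values for illustration; a real deployment loads the key from
# protected configuration and never hard-codes it.
my $SECRET = 'constructed-demo-key-change-me';
my $TTL    = 300;    # seconds a token stays valid

# Issue a token after the username/password have been checked once.
# Layout: user:expiry:hmac (the password itself never goes into a link).
sub issue_token {
    my ($user, $now) = @_;
    my $expiry = $now + $TTL;
    my $mac    = hmac_sha256_hex("$user:$expiry", $SECRET);
    return "$user:$expiry:$mac";
}

# Compare two strings without stopping at the first differing byte.
sub const_eq {
    my ($x, $y) = @_;
    return 0 unless length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Return the username if the token is authentic and unexpired, else undef.
sub verify_token {
    my ($token, $now) = @_;
    my ($user, $expiry, $mac) =
        $token =~ /\A([A-Za-z0-9_.-]+):(\d+):([0-9a-f]{64})\z/
        or return undef;                      # malformed token
    return undef unless const_eq($mac, hmac_sha256_hex("$user:$expiry", $SECRET));
    return undef if $now > $expiry;           # past its lifetime
    return $user;
}

my $t0    = 971_740_800;                      # constructed timestamp
my $token = issue_token('todd', $t0);
print "link parameter: auth=$token\n";
print "fresh:    ", (verify_token($token, $t0 + 60)  // 'rejected'), "\n";
print "expired:  ", (verify_token($token, $t0 + 301) // 'rejected'), "\n";
(my $forged = $token) =~ s/\Atodd:/root:/;    # change the user, keep the MAC
print "tampered: ", (verify_token($forged, $t0 + 60) // 'rejected'), "\n";
```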
