>>>>> "Jean-Michel" == Jean-Michel Hiver <[EMAIL PROTECTED]> writes:
Jean-Michel> * For political reasons and compliance with future european legislation Jean-Michel> I cannot use cookies, What? The EU is going to make cookies *illegal*? I highly doubt this. Jean-Michel> * For usability reasons encoding session IDs on URIs would be really Jean-Michel> bad... users needs to be able to 'hack' the URIs without f***ing their Jean-Michel> sessions! Why is a user "hacking" their URLs? Jean-Michel> Therefore I have to use HTTP authentication... Even though the user/password is transmitted *in the clear* on *every single hit*, because you can't just use a session identifier? This is so very wrong from a security perspective. -- Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095 <[EMAIL PROTECTED]> <URL:http://www.stonehenge.com/merlyn/> Perl/Unix/security consulting, Technical writing, Comedy, etc. etc. See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl training!