Thor HW wrote:
> It depends. For Internet apps then what hotmail.com is better than any
> suggestion on here so far. SSL for the login page, session tracking
> there-after.
Can session-tracking apps be easily hijacked? With every query, the clients
sends the cookie information. This could be seen as logically equivalent to a
user/pass combination, couldn't it?
If SSL is used, though, for every connection, then that shuold be harder -
doesn't SSL call for a session password to be generated via an encrypted
challenge-response protocol?
- Robb
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
