Elliotte Harold wrote:
> Kenneth Downs wrote:
>> Should I email you a link allowing you to log into my customer's
>> application and view confidential medical information?
>> Nonetheless, the username and password should be transmitted with each
>> request (in the HTTP header, not the URL) so that it doesn't matter
>> whether I've switched browsers, rebooted my machine, or told my office
>> manager to log in under my name on her PC.
> That can only be done if the password is stored on the browser between
> requests. No thanks!
At any rate, in principle I believe that sessions are a bad way to do
things; they just have that bag-on-the-side feel. The only permanent
use of a session in Andromeda is to store user information, notably
user_id and password. I do this only because I am not aware of a secure
session-less alternative. Any ideas are welcome.
--
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com www.andromeda-project.org
631-689-7200 Fax: 631-689-0527
cell: 631-379-0010
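The two designs the thread contrasts, as an added example that is not part of the thread and not Andromeda's code: `basic_auth_check` is the per-request credential scheme Kenneth describes (HTTP Basic, which is why Elliotte objects that the browser must keep the password), and `issue_token`/`verify_token` is one session-less alternative, an HMAC-signed, expiring token carrying `user_id` so that neither the password nor a server-side session has to be retained after login. The user store, salt, server key and user names are all constructed for the example; the token format (base64 payload, dot, base64 HMAC-SHA256) is my own choice, not anything the thread specifies.

```python
"""Added example: per-request authentication without a server-side session.

1. basic_auth_check: verifies 'Authorization: Basic base64(user:pass)' on each
   request against a stored PBKDF2 hash (the scheme the thread discusses).
2. issue_token / verify_token: an HMAC-signed, expiring token carrying the user
   id, so the server keeps no session and the client keeps no password.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed sample data; a real deployment loads these from config, never source.
_SALT = b"constructed-salt"
SERVER_KEY = b"constructed-server-secret"


def _pw_hash(password):
    """Slow, salted hash so stored credentials are not plaintext passwords."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


USERS = {"ken": _pw_hash("correct horse")}  # constructed sample user


def basic_header(user, password):
    """Client side: what the browser resends on every request under Basic auth."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def basic_auth_check(authorization_header):
    """Server side: return the user id if the Basic credentials verify, else None."""
    if not authorization_header.startswith("Basic "):
        return None
    try:
        raw = base64.b64decode(authorization_header[6:], validate=True).decode()
        user, _, password = raw.partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    stored = USERS.get(user)
    if stored is None:
        _pw_hash(password)  # hash anyway so timing does not reveal unknown users
        return None
    return user if hmac.compare_digest(stored, _pw_hash(password)) else None


def issue_token(user_id, ttl=900, now=None):
    """After a successful login, mint base64(payload).base64(hmac(payload))."""
    now = time.time() if now is None else now
    payload = json.dumps({"uid": user_id, "exp": int(now + ttl)}).encode()
    sig = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "."
            + base64.urlsafe_b64encode(sig).decode())


def verify_token(token, now=None):
    """Return the user id if the signature is valid and the token is unexpired."""
    now = time.time() if now is None else now
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError:  # wrong number of parts or bad base64 (binascii.Error)
        return None
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # check before trusting payload
        return None
    claims = json.loads(payload)
    if claims.get("exp", 0) <= now:
        return None
    return claims.get("uid")


def bearer_auth_check(authorization_header, now=None):
    """Server side: 'Authorization: Bearer <token>' checked with no session state."""
    if not authorization_header.startswith("Bearer "):
        return None
    return verify_token(authorization_header[7:], now=now)


if __name__ == "__main__":
    hdr = basic_header("ken", "correct horse")
    print("basic:", basic_auth_check(hdr))
    tok = issue_token(basic_auth_check(hdr), ttl=60)
    print("bearer:", bearer_auth_check("Bearer " + tok))
```

The token must still travel over TLS and is only as secret as `SERVER_KEY`; the `exp` claim bounds how long a stolen token is useful, which a session-less design otherwise has no way to revoke.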
_______________________________________________
New York PHP Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
NYPHPCon 2006 Presentations Online
http://www.nyphpcon.com
Show Your Participation in New York PHP
http://www.nyphp.org/show_participation.php