> Thats is my exact situation. The sysadmin section of teh site is 100% https. > but the on the user side there is nothing that sensitive and little harm > they could be cause stealing someones session. It would not be worth going > to the trouble of stealing the session for the benefit you would get.
But how does the intruder know in advance that there is nothing valuable on the site? And what about the damage that could be done by a l33t h4x0r d00d just out for a joy-ride? Mixing secure with insecure might be something of an attractive nuisance, I'd think. -- Joel Rees <[EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
