Marco Gaiarin schrieb: > Mandi! Tomasz Chmielewski > In chel di` si favelave... > >> Before we start we have to assume one thing: the whole "security" can't >> be handled by wpkg.js itself, it has to be made by the WPKG >> Client/Installer. > > Clearly can be better, but solutions proposed i think that can be used > also with plain wpkg.js... they does not involve more server/client > comunication then current one...
As in 99% cases wpkg.js sits on the remote server, it is by definition insecure, isn't it? Handling security by something which is hosted on a potentially not secure machine isn't the best idea - you would never know if it's your or attacker's wpkg.js. >> On the other hand, probably there are some people using WPKG without a >> domain; just in a workgroup, and it would be harder for them to add such >> security feature. > > Exactly this. I Admit that i'm a bit lazy in my domain to use guest > access to WPKG and %SOFTWARE% shares, but indeed a 'minimal' > client/server authentication have to be implemented. OK, but how? :) -- Tomasz Chmielewski http://wpkg.org ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ wpkg-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/wpkg-users
