Re: [Phplib-users] Basic authentication
From: Layne W. <la...@if...> - 2002-02-13 22:41:24
> I can ASSUME that if I get a value username and password, I
> can give them access, IF this scheme prevents anyone from
> eavesdropping and gathering username/password pairs. If Bravo
> or a Bravo customer screws up and lets an unauthorized person
> have access to a username/password (e.g. by leaving themselves
> logged in, or other means), then it's not my or Acme's
> problem. As far as we know, the user is authorized.

The SSL encryption is, IIRC, set up before the actual request headers are sent so your login info, whether in a posted form or in get vars as was also suggested, will be sent securely. Just as the earlier posts activated my paranoia mode (most things do these days), I would distrust my recollection and test with a packet sniffer first.

> I'm still trying to poke holes in this because it seems too
> simple.

It seems like this solution meets your requirements, so I think you're safe. (Nice reflexes, though.)

Layne Weathers
Ifworld Inc.