Menu
▾
▴
[SL] Re: Security problem
|
From: Sergio A. K. <ser...@ho...> - 2002-03-31 21:03:11
|
----- Original Message ----- From: "Martin Lillepuu" <ma...@li...> > Ühel kenal päeval (laupäev, 30. märts 2002 20:36) kirjutas Sergio A. Kessler: > > > > 2) Keep the current system, but instead of doing http GET with the > > > credentials encoded in the URI, why not simply http POST using hidden > > > form fields. > > > > yup, this can be simple, but http auth is even more simple... > > (you don't have to pass credentials all the time) > > (and more secure IMO, and more modular: you can change from > > basic auth to digest in 1 second, or simply use https) > > > > more: with http auth, you don't even have to do the GUI, > > as the browser popup a nice dialog window for you... :) > > this would also require some code to manage usersnames/passwords in htpasswd > file. wrong ! you have no clue of what you are talking about. period. /sergio pd: I'm using http auth for more than 3 years and NO ONE of my systems deals with .htpasswd files, all users are stored in postgres tables. |
