[CLUG-chat] Website Visitor Authentication that can't be given toothers

Charles Oertel charles at finebushpeople.net
Fri Jun 17 15:31:52 SAST 2005


Hi Richard

Richard Story wrote:
> how many friends are they going to tell in 24 hours?  It all seems to 
> come back to cookies being the best solution.  Does your client really 
> want to loose revenue, or alternatively spend on certificates just 
> because of cookiephobia.  How does https work if its not using cookies? 
> because what little I know seems to indicate that if the user gave his 
> uid and pwd to someone else you would still be at risk, or am I missing 
> something?

Nope, you aren't missing something - that's the disproportionate irony: 
  Windows users are irrational.  They worry about "security risks of 
cookies" when their machines are a cesspool of virii and worms and they 
are prepared to install even more unchecked software rather than accept 
a cookie.

However, the discussion is useful to allow me to be objective and try 
not to be too linux-arrogant ;-)

regards
--
Charles Oertel
FineBushPeople.net
tel: 021 701 8231
fax: 021 701 3338

-=-=-
... If you sow your wild oats, hope for a crop failure.
-=-=-



More information about the Clug-chat mailing list