[
Lists Home |
Date Index |
Thread Index
]
Elliotte Rusty Harold wrote:
> At 7:41 PM -0500 1/5/04, Rich Salz wrote:
>
>> Since you seem to have given this more than just casual thought, have
>> you got ideas about a solution? To be explicit, the goals are:
>> Authenticate clients
>> Allow URL's to be cut/pasted amonng participants
>> Limited exposure if packets are snooped
>
>
>
>
> The solutions vary depending on the exact purpose. Restricting access
to password protected data is different from a shopping cart is
different from tracking users across sites. Except perhaps for the
latter, all can be solved without cookies. In all three cases (and
others) the user experience is improved without cookies.
>
> In a truly individualized situation all that's needed are URLs of the
form http://www.example.com/page.html?username=elharo
Does your bank do this? If so, which bank do you use?
In other words, do you care if someone who knows or guesses your
username can access your individualized situation?
-Rob
|
