xml-dev - Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation

Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation

[ Lists Home | Date Index | Thread Index ]

To: Elliotte Rusty Harold <elharo@metalab.unc.edu>
Subject: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
From: Rich Salz <rsalz@datapower.com>
Date: Fri, 09 Jan 2004 10:26:54 -0500
Cc: "xml-dev@lists.xml.org" <xml-dev@lists.xml.org>
In-reply-to: <p06010210bc23e3a62879@[192.168.254.4]>
References: <Pine.LNX.4.44L0.0401082053220.6682-100000@smtp.datapower.com> <p06010210bc23e3a62879@[192.168.254.4]>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4b) Gecko/20030507

>> Make sure they always connect to the site with SSL.
> 
> No, the client can't choose that.

Sure.  The client can decide not to risk the exposure.  Sure, the server 
might not do SSL, but at least the client can say "no."  With digest, 
you can't prevent the server from offering up a plaintext challenge, you 
can only agree not to continue.  So again, it's less protection.
	/r$

-- 
Rich Salz, Chief Security Architect
DataPower Technology                           http://www.datapower.com
XS40 XML Security Gateway   http://www.datapower.com/products/xs40.html
XML Security Overview  http://www.datapower.com/xmldev/xmlsecurity.html

References:
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
  - From: Rich Salz <rsalz@datapower.com>
- Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call forParticipation
  - From: Elliotte Rusty Harold <elharo@metalab.unc.edu>

Prev by Date: Re: [xml-dev] c++ validating parser for xml
Next by Date: Re: [xml-dev] Urgent help needed. XML Parser
Previous by thread: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call forParticipation
Next by thread: Re: [xml-dev] Re: Cookies at XML Europe 2004 -- Call for Participation
Index(es):
- Date
- Thread