WebApp Sec mailing list archives
Re: Re: HTTP REFERER not set in Internet Explorer
From: Saqib Ali <docbook.xml () gmail com>
Date: Mon, 21 Nov 2005 08:46:45 -0800
Hi Mike,
> One twist to cookies that I use is to store a public key of the user. The key is used to encode their password and send a digest. In this way, passwords are never sent (even over an SSL connection). I also never store passwords (only digests).
Do all of your users have a public/private key pair? If so, are the public keys stored in a central repository? Are you requiring each client to have a digital certificate? I cannot do that for my application. Most of the users who are connecting to my application do not have a digital cert.
--
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.