On Fri, Jan 11, 2002 at 04:13:36PM -0500, Ryan M Harris wrote:
> Ooh, and here's a good question. Once I get it to the client, how can I
> make sure that it wasn't hijacked via man-in-the-middle or a sniffer on the
> client end?

First of all, you should read Dos and Don'ts of Web authentication by Kevin Fu, placed at
http://cookies.lcs.mit.edu/pubs/webauth.html
In that document there's a simple way, which includes the use of HMAC_SHA1
(with PHP you've the choice to use mhash lib or openssl) and SSL.

----------------------------------------------------------------------------------
Giorgio Zoppi    | James Bond Log Project                                 |
gzoppiat_private | http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/bondlog |
denebat_private  |                                                        |
----------------------------------------------------------------------------------
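
An added example, not code from the original post or from the cited paper's authors: an HMAC-SHA1 authenticated cookie value with an expiry, along the lines of the approach the reply points to. The function names, the token layout and the sample values are assumptions, and it uses PHP's built-in hash_hmac() and hash_equals() rather than mhash or openssl. The MAC stops forgery and tampering but not reuse of a sniffed value, which is why the cookie still has to travel only over SSL.

```php
<?php
// Added example. Assumed names: issue_token(), verify_token(), $key.

function issue_token(string $data, int $expires, string $key): string
{
    // The expiry is part of the authenticated text, so a client cannot extend it.
    $payload = 'exp=' . $expires . '&data=' . rawurlencode($data);
    $digest  = hash_hmac('sha1', $payload, $key);
    return $payload . '&digest=' . $digest;
}

function verify_token(string $token, string $key, int $now): ?string
{
    // Everything before the last "&digest=" is the text that was signed.
    $pos = strrpos($token, '&digest=');
    if ($pos === false) {
        return null;
    }
    $payload = substr($token, 0, $pos);
    $digest  = substr($token, $pos + strlen('&digest='));

    // Recompute the MAC and compare in constant time before parsing any field.
    $expected = hash_hmac('sha1', $payload, $key);
    if (!hash_equals($expected, $digest)) {
        return null;
    }

    // The fields are trusted only after the MAC has been checked.
    if (!preg_match('/^exp=(\d+)&data=(.*)$/s', $payload, $m)) {
        return null;
    }
    if ((int) $m[1] < $now) {
        return null; // token has expired
    }
    return rawurldecode($m[2]);
}

// Constructed sample values; the key stays on the server and never reaches the client.
$key   = random_bytes(32);
$now   = 1010800000;
$token = issue_token('user=alice', $now + 3600, $key);

var_dump(verify_token($token, $key, $now));            // unmodified token
$forged = str_replace('user%3Dalice', 'user%3Droot', $token);
var_dump(verify_token($forged, $key, $now));           // data altered after issue
var_dump(verify_token($token, $key, $now + 7200));     // presented after expiry
```

When the value is sent as a cookie, set the Secure attribute so the browser never sends it over plain HTTP.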
This archive was generated by hypermail 2b30 : Sat Jan 12 2002 - 08:21:57 PST