Re: Anyformat Uploads

On Wed, 1 Mar 2000, Patrice Calve wrote:

> On an other hand, I'm also thinking of this feature for security measures:
> Voice Authentication, Signature Authentication, Retinal Scan, etc.  But in
> this case, I hope that we agree that on a Very Secure Web Application, the
> Source of the Authentication shouldn't be from a file, but should be "LIVE".
> In this case, the user shouldn't have the option of choosing the source and
> the programmer could restrict the source to be "live".  How this "live"
> option be restricted is another case, though.

In principle, yes. But there is no practicable way to enforce this. The
web server has no way of knowing whether what it receives is from a saved
file or read directly from a device. It is impossible to prevent a user
from having this option, because there are no guarantees on the
reliability or authenticity of the information given in HTTP requests.

Tim Bagot

Received on Wednesday, 1 March 2000 22:20:06 UTC