- From: Tim Bagot <tsb@earth.li>
- Date: Wed, 1 Mar 2000 18:58:03 -0500 (EST)
- To: Patrice Calve <patrice.calve@cactuscom.ca>
- cc: www-html@w3.org
On Wed, 1 Mar 2000, Patrice Calve wrote: > On an other hand, I'm also thinking of this feature for security measures: > Voice Authentication, Signature Authentication, Retinal Scan, etc. But in > this case, I hope that we agree that on a Very Secure Web Application, the > Source of the Authentication shouldn't be from a file, but should be "LIVE". > In this case, the user shouldn't have the option of choosing the source and > the programmer could restrict the source to be "live". How this "live" > option be restricted is another case, though. In principle, yes. But there is no practicable way to enforce this. The web server has no way of knowing whether what it receives is from a saved file or read directly from a device. It is impossible to prevent a user from having this option, because there are no guarantees on the reliability or authenticity of the information given in HTTP requests. Tim Bagot
Received on Wednesday, 1 March 2000 22:20:06 UTC