OK. Good! You are both disagreeing in the right direction.
I don't understand how the secret URI can be made more secure but I can go back and read the thread.
All the best, Ashok

John Kemp wrote:
> On Feb 8, 2010, at 10:32 AM, Dan Connolly wrote:
>
>> On Sun, 2010-02-07 at 14:50 -0800, ashok malhotra wrote:
>>
>>> Hi Larry:
>>> This is useful.
>>> Non-public URIs provide a weak level of security that is held to be
>>> adequate for some usecases.
>>> I wonder if there is disagreement with the above statement.
>>>
>> I disagree.
>>
>
> And in my previous email, I neglected to mention that I, too, disagree with that statement.
>
>> The unguessable URI pattern can be made about as secure as you like;
>> in particular, as secure or more secure than passwords+cookies.
>>
>
> Yes, I believe that to be true too - apart from the case where a URI may end up being transmitted to another site "automatically" by means of the Referer HTTP header.
>
> Regards,
>
> - johnk
>

Received on Monday, 8 February 2010 16:10:40 UTC