Posted by Matthew Weier O'Phinney on 06/21/05 06:25

* "bruce" <bedouglas@earthlink.net>:
> if you're going to be writing apps that deal with sensitive information, you
> better damm well give some thought as to how secure the client is,

That's what encryption using public/private keypairs is for. The client
encrypts the data with the public key, and the only way to decrypt it is
using the private key -- which the server has. That way the server
doesn't *need* to know what the client is, so long as the request is
made over HTTP and the server is able to decrypt the data sent.

> or even if the client is actually valid!

Here's a valid client: open up a command line and type

# telnet php.net 80

My point? Anything that can communicate over TCP and talk using HTTP
commands is a valid client. That's the way the web was designed, and
that's the way it works.

--
Matthew Weier O'Phinney | WEBSITES:
Webmaster and IT Specialist | http://www.garden.org
National Gardening Association | http://www.kidsgardening.com
802-863-5251 x156 | http://nationalgardenmonth.org
mailto:matthew@garden.org | http://vermontbotanical.org

• Next in forum: Persistant Connections and max_connections on mysql
• Prev in forum: Re: [PHP] Re: security question...??
• Thread view: Re: [PHP] Re: security question...??

[Reply to this message]