|
|
Posted by "Richard Lynch" on 10/20/52 11:19
On Wed, June 22, 2005 3:27 pm, bruce said:
> rene..
>
> you've grapsed the problem/issue, as have most. all i said was that i've
> started to think about the issue of security as also meaning i have to
> start
> thinking about the client. just as users have had to start to think about
> 'is the site i'm looking at, really the site i want/should be looking at?'
It's remotely possible that you could get an RFC going about software
installation generating an SSL certificate on the client, tied to the
client's hardware signature[s]/ID[s], digitally signed by the software
installation only if the MD5 hash of the software matched an expected
value, and...
No, still too easy to hack, if the Bad Guy can change out the binary of
the browser in the first place.
I think everybody here is thinking about what you are saying, and they're
all saying "It won't work"
So you can either be the next Einstein and prove them wrong, or it really
won't work.
Take your pick.
At any rate, it's not a PHP question, and you should probably take it to a
Security RFC type of forum, please.
--
Like Music?
http://l-i-e.com/artists.htm
Navigation:
[Reply to this message]
|