Posted by Vincent Delporte on 12/19/06 11:20

On Tue, 19 Dec 2006 09:01:31 GMT, Sanders Kaufman <bucky@kaufman.net>
wrote:
>No matter how tight your security is, if users login over HTTP,
>their credentials can be tooooo easily intercepted - making all
>other security measures worthless.

So HTTPS should be used when logging on and receiving the session ID
cookie, but from then, it's OK to use HTTP?

• Next in forum: Re: How to grab a piece of text with help of a php-script
• Prev in forum: Re: Efficiency of file vs database
• Thread view: Re: Client-Side Session Data

[Reply to this message]