On Tue, 19 Dec 2006 09:01:31 GMT, Sanders Kaufman <bucky@kaufman.net>
wrote:
>No matter how tight your security is, if users login over HTTP,
>their credentials can be tooooo easily intercepted - making all
>other security measures worthless.
So HTTPS should be used when logging on and receiving the session ID
cookie, but from then, it's OK to use HTTP?