|
|
Posted by Peter Chant on 03/13/06 19:55
Gordon Burditt wrote:
>
> You probably don't want to go through the whole "site key" thing,
> although if there's a chance someone might spoof your site, it could
> be worthwhile. Bank spoof sites have become a serious problem.
>
I don't see spoofing to be a problem, there is no financial gain. I was not
expecting to put any information up, except 'Hello Fred' that would differ
from user to user.
> The point here is that the presence of a cookie can be used to bypass
> part of the login sequence, but *LET THE USER SAY WHETHER THE COMPUTER
> IS SECURE OR NOT* before putting something on it that lets people
> log in as the user. Also it lets people who don't allow cookies
> at all in, but they have to go to a little extra trouble.
>
> Perhaps you could allow someone in with the cookie *OR* a password,
> but let them ask for the cookie (or not).
So you are saying, use a login but give them the option of using cookies
only if they are enabled.
Pete
--
http://www.petezilla.co.uk
[Back to original message]
|