On Tue, 29 Feb 2000 13:39:36 -0500 (EST) glyph <glyph@twistedmatrix.com> wrote:
> However, this new rush of excitement was tempered by the realization that I probably couldn't use it for the distributed authoring purposes that I had hoped I could. Security is a HUGE concern for me: students from college campuses log in to my server, and many of them are on networks where sniffers are running.

About the best you are going to do is to use SSL. You can of course just put everything under SSL, but given the overhead of SSL that may not be wise (see the archives for some stats on the area). I'm still looking for a way to do:

-- Initial authentication occurs under SSL and generates a short-lived session key (hour or two)
-- Normal page loads are in the clear and use the session key.
-- Significant user actions require re-authentication under SSL (e.g. PW changes).

--
J C Lawrence                              Home: claw@kanga.nu
----------(*)                            Other: coder@kanga.nu
--=| A man is as sane as he is dangerous to his environment |=--
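
One way to sketch the three-part scheme listed above, as an added example that is not part of the original message: an HMAC-signed, expiring session token issued after SSL login, checked on clear-text page loads, with sensitive actions refused unless a fresh re-authentication over SSL accompanies them. The token layout, the `SENSITIVE` action names and all function names are assumptions; a token sent in the clear can be replayed by a sniffer until it expires, which is what the short lifetime and the re-authentication rule are there to bound.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)   # constructed per-process signing secret
SESSION_TTL = 2 * 3600                 # "hour or two", in seconds
SENSITIVE = {"change_password"}        # hypothetical action names

def _tag(payload: str) -> bytes:
    """Hex HMAC-SHA256 of the payload under the server key."""
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest().encode()

def issue_session(user, now=None):
    """Call only after the user has authenticated over SSL."""
    now = int(time.time() if now is None else now)
    payload = f"{user}|{now + SESSION_TTL}"
    return f"{payload}|{_tag(payload).decode()}"

def verify_session(token, now=None):
    """Return the user name for an authentic, unexpired token, else None."""
    now = int(time.time() if now is None else now)
    try:
        user, expiry, tag = token.rsplit("|", 2)
        # Check the MAC in constant time before trusting any field.
        if not hmac.compare_digest(tag.encode(), _tag(f"{user}|{expiry}")):
            return None
        return user if now < int(expiry) else None
    except ValueError:                 # malformed token or bad encoding
        return None

def authorize(action, token, over_ssl=False, reauthenticated=False, now=None):
    """Decide a request: 'ok', 'login-required' or 'reauth-required'."""
    if verify_session(token, now) is None:
        return "login-required"
    # The session key alone is never enough for a significant action:
    # it travels in the clear, so a sniffed copy must not change a password.
    if action in SENSITIVE and not (over_ssl and reauthenticated):
        return "reauth-required"
    return "ok"

if __name__ == "__main__":
    t = issue_session("alice")
    print(authorize("view_page", t))
    print(authorize("change_password", t))
    print(authorize("change_password", t, over_ssl=True, reauthenticated=True))
```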