- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] safe(ish) single-login from website
- From: Rob Sharp <rob.sharp@xxxxxxxxx>
- Date: Wed, 16 Feb 2005 16:08:11 +1100
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=aKSXXjNu+kO4uYMsc7kTEv2OSGyY79qJkzZ3/DXEl6WuWm1066UMrdSLg8pzB0+I+K4NBJOieNIHbn2NG5HyEyjXeH+xKZNz5K14zByXgaRXT3V/J+LIZ7vr7JayanikG3Ac03R1qJukj1O8iGIpTpzA3KSKBMsjvR29SVXbvpY=
- Reply-to: rob@xxxxxxxxxxx
On Wed, 16 Feb 2005 15:18:59 +1100, Gavin Carr <gavin@xxxxxxxxxxxxxxxxx> wrote:
> On Wed, Feb 16, 2005 at 11:14:33AM +1100, Rob Sharp wrote:
> > You may run into all sorts of privacy issues if you start sending user
> > passwords unencrypted over a URL... Of course, this is when the
> > assymetric excryption key mentioned earlier becomes useful!
> >
> > On Wed, 16 Feb 2005 11:07:11 +1100, Taryn East <slug@xxxxxxxxxxxxx> wrote:
> > > * Gavin Carr <gavin@xxxxxxxxxxxxxxxxx> spake thus:
> > > > Try mod_auth_tkt: http://www.openfusion.com.au/labs/mod_auth_tkt/
> > >
> > > this sounds really like a good option but...
> > >
> > > > https://www.taryn.com/cgi-bin/ticket.cgi?user=foo;pass=bar
>
> That would be where the 's' in 'https' comes in handy. :-)
>
:-$
(I'll get me coat)
> -G
>
> --
> SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
> Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
>
--
Rob Sharp
e: rob@xxxxxxxxxxx
w: quannum.co.uk
j: rob.sharp@xxxxxxxxxx
SLUG Mailing List Archives