Re: Performance critical technical key
| От | Geoff Caplan |
|---|---|
| Тема | Re: Performance critical technical key |
| Дата | |
| Msg-id | 1193586236.20040814101304@variosoft.com обсуждение исходный текст |
| Ответ на | Re: Performance critical technical key (Pierre-Frédéric Caillaud<lists@boutiquenumerique.com>) |
| Список | pgsql-general |
Pierre-Frédéric, PFC> You could use apache mod_auth_tkt : PFC> http://www.openfusion.com.au/labs/mod_auth_tkt/ I think their own description of "lightweight" is a fair summary of mod_auth. My own approach needs to be a more security conscious. Secure web sessions is an area that deserves more attention. The only good source I know is: http://cookies.lcs.mit.edu/pubs/webauth.html The ease with which the MIT team were able to compromise so many leading corporate sites is sobering. My own approach is mainly a blend of the MIT ideas, the Yahoo ideas reported on the the latest version of the MIT paper, and the OpenACS approach: http://openacs.org/doc/openacs-5-1/security-design.html But this is a bit OT here. If you want to carry on with this, perhaps you could contact me off list? ------------------ Geoff Caplan Vario Software Ltd (+44) 121-515 1154
В списке pgsql-general по дате отправления: