WebApp Sec mailing list archives

Re: Re: HTTP REFERER not set in Internet Explorer


From: Saqib Ali <docbook.xml () gmail com>
Date: Mon, 21 Nov 2005 08:46:45 -0800

Hi Mike,

> One twist to cookies that I use is to store a public key of the user. The key is used to encode their password and
> send a digest. In this way, passwords are never sent (even over an SSL connection). I also never store passwords
> (only digests).

Do all of your users have a public/private key pair? If so, are the
public keys stored in a central repository?
Are you requiring each client to have a digital certificate? I can not
do that for my application. Most of the users who are connecting to my
application do not have a digital cert.

--
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.
