That was basically the plan, use the cookie to transport the key. Your comment about a lot of Javascript is precisely the daunting part.
It seems like it should be secure. I am assuming the "session cookie" would store the server's public key? or some such? My question would be how do you implement an RC4 encryption (or any encryption other than the built-in SSL) on the client side? Possibly a Java applet with the encryption built-in? I suppose you could implement an encryption algorithm in javascript and then just call that via a form's onSubmit, but how would you generate a random number (built into javascript?)... yikes thats a lot of javascript :-)... and at that point you would also have to generate a private key on the client side, and send the corresponding public key to the server... and this would have to be done each time which could get slow...
Now there's a thought, a Summer Sale. I think I may even do it that way.
I saw in your other post about the limited IPs, if this really is a temp solution, the implementation difficulty still might suggest springing for extra hosting, or the similar until the upgrade is in place...
Dave
-- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
