On 13 May '08, at 4:35 PM, Matt Burnett wrote:
Its not hard to enable HTTP authentication.
It's also not hard to eavesdrop on the HTTP session using tcpdump, or to debug or disassemble the app to recover the password. In other words, putting a shared secret into an application distributed to end-users is not secure.
Probably not a realistic fear in this particular case, but there are many, many instances of web scripts like this being abused to send spam, so I don't think I'm being overly paranoid :)
—Jens
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Cocoa-dev mailing list (Cocoa-dev@lists.apple.com) Please do not post admin requests or moderator comments to the list. Contact the moderators at cocoa-dev-admins(at)lists.apple.com Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/cocoa-dev/archive%40mail-archive.com This email sent to [EMAIL PROTECTED]
