My reason for using SSL was that the username/password combination
wouldn't be transmitted in plaintext... that's all. If you're passing the
creditials in plaintext to the Win2k machine though going to SSL for the
auth on PHP/Linux wouldn't really make any sense I suppose.
Justin Buist
Trident T
SSL would be useless. It has no facilities for authentication, which is what
we need here. Basically, SSL encrypts communications between two computers-
it doesn't care which two and is therefore vulnerable to man-in-the-middle
attacks.
On Wednesday 19 September 2001 08:22, you wrote:
> > Cus
If you need the data to be secure, you could probably just encrypt it with
mcrypt, if you want to make sure it wasn't forged, you want to have A sign
the data, then have B check it. If I were you, I would look at GNU Privacy
Guard. You can just use some backticks and you're set. If you have any
A combonation of IP restriction and basic authentication over SSL, while not
ideal, would probably be better than most alternatives I can think of.
Josh Hoover
KnowledgeStorm, Inc.
[EMAIL PROTECTED]
Searching for a new IT solution for your company? Need to improve your
product marketing?
Visit
4 matches
Mail list logo
