Re: Authentication/Session tracking question [was: HTTP/1.1 Protocol: Help Needed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Authentication/Session tracking question [was: HTTP/1.1 Protocol: Help Needed

To: David Morris <dwm at xpasc.com>
Subject: Re: Authentication/Session tracking question [was: HTTP/1.1 Protocol: Help Needed
From: Keith Moore <moore at cs.utk.edu>
Date: Wed, 11 May 2005 18:46:02 -0400
Cc: fw at deneb.enyo.de, moore at cs.utk.edu, ietf at ietf.org
In-reply-to: <Pine.LNX.4.33.0505111339150.25451-100000@egate.xpasc.com>
List-help: <mailto:ietf-request@ietf.org?subject=help>
List-id: IETF-Discussion <ietf.ietf.org>
List-post: <mailto:ietf@ietf.org>
List-subscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
List-unsubscribe: <https://www1.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
References: <874qd938ik.fsf@deneb.enyo.de> <Pine.LNX.4.33.0505111339150.25451-100000@egate.xpasc.com>
Sender: ietf-bounces at ietf.org

> Simple answer ... there is no easy reliable alternative to:
>  a.  cookie
>  b.  Stick it in the request URL and/or data ... many alternatives in the
> details

...neither of which are good places to store authentication tokens if exposure
of such tokens would compromise either the resource being accessed
or the user's identity.  neither cookies nor URLs are typically well-protected 
against accidental exposure.  they were not designed to be used for 
authentication.

see RFC 2964 for more on use of cookies.

Keith

_______________________________________________
Ietf mailing list
Ietf at ietf.org
https://www1.ietf.org/mailman/listinfo/ietf

Follow-Ups:
- Re: Authentication/Session tracking question [was: HTTP/1.1 Protocol: Help Needed
  - From: Gaurav Vaish

References:
- Re: HTTP/1.1 Protocol: Help Needed
  - From: Florian Weimer
- Re: Authentication/Session tracking question [was: HTTP/1.1 Protocol: Help Needed
  - From: David Morris

Prev by Date: Re: Authentication/Session tracking question [was: HTTP/1.1 Protocol: Help Needed
Next by Date: regarding cc/pp help needed
Previous by thread: Re: Authentication/Session tracking question [was: HTTP/1.1 Protocol: Help Needed
Next by thread: Re: Authentication/Session tracking question [was: HTTP/1.1 Protocol: Help Needed
Index(es):
- Date
- Thread

Note Well: Messages sent to this mailing list are the opinions of the senders and do not imply endorsement by the IETF.

Re: Authentication/Session tracking question [was: HTTP/1.1 Protocol: Help Needed

Note: Messages sent to this list are the opinions of the senders and do not imply endorsement by the IETF.