[Sugar-devel] [PATCH] webactivity: seed the XS cookie at startup
Martin Langhoff
martin.langhoff at gmail.com
Fri Feb 13 05:51:02 EST 2009
On Fri, Feb 13, 2009 at 7:07 AM, Carol Farlow Lerche <cafl at msbit.com> wrote:
> Martin, I want to understand what https traffic you are concerned will
> affect performance and caching. As far as I understand the need for https,
> it would only be used infrequently, when reauthenticating to the server.
> I.e..:
What you describe was the plan B in my earlier postings. It first does
crypto, and then falls back to a totally MITM'able cleartext cookie.
So the crypto is just a lot of programming work for a tiny gain.
>From a security standpoint, we either do https with client side cert,
or we relax and use plaintext cookies.
cheers,
m
--
martin.langhoff at gmail.com
martin at laptop.org -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff
More information about the Devel
mailing list