[rt-users] Coockie problems with proxies

Jesse jesse at fsck.com
Fri Apr 7 12:13:35 EDT 2000

On Fri, Apr 07, 2000 at 11:36:13AM -0400, Bill Sommerfeld wrote:
> If you want security, don't trust the source IP address.. an attacker
> trying to steal a session may be coming through the same proxy as the
> victim... 
> Instead, use SSL ..
> 						- Bill
*nod* The goal of the current password hashing was to do something 
that would be "slightly" better than http-basic.  In production, 
SSL is something that you can depend on.

jesse reed vincent -- jrvincent at wesleyan.edu -- jesse at fsck.com 
pgp keyprint:  50 41 9C 03 D0 BC BC C8 2C B9 77 26 6F E1 EB 91
They'll take my private key when they pry it from my cold dead fingers!

More information about the rt-users mailing list