| From: | Geoff Caplan <geoff(at)variosoft(dot)com> |
|---|---|
| To: | Pierre-Frédéric Caillaud <lists(at)boutiquenumerique(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: Performance critical technical key |
| Date: | 2004-08-14 09:13:04 |
| Message-ID: | 1193586236.20040814101304@variosoft.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Pierre-Frédéric,
PFC> You could use apache mod_auth_tkt :
PFC> http://www.openfusion.com.au/labs/mod_auth_tkt/
I think their own description of "lightweight" is a fair summary of
mod_auth.
My own approach needs to be a more security conscious. Secure web
sessions is an area that deserves more attention. The only good source
I know is:
http://cookies.lcs.mit.edu/pubs/webauth.html
The ease with which the MIT team were able to compromise so many
leading corporate sites is sobering.
My own approach is mainly a blend of the MIT ideas, the Yahoo ideas
reported on the the latest version of the MIT paper, and the OpenACS
approach:
http://openacs.org/doc/openacs-5-1/security-design.html
But this is a bit OT here. If you want to carry on with this, perhaps
you could contact me off list?
------------------
Geoff Caplan
Vario Software Ltd
(+44) 121-515 1154
| From | Date | Subject | |
|---|---|---|---|
| Next Message | gnari | 2004-08-14 09:29:05 | Re: Autoincremental value |
| Previous Message | David Garamond | 2004-08-14 09:01:39 | Re: psql wishlist: value completion |