[Twisted-web] Dos and Don'ts of Client Authentication on the Web
Manlio Perillo
manlio_perillo at libero.it
Mon Jul 31 12:10:21 CDT 2006
I have found this article on the web:
http://pdos.lcs.mit.edu/cookies/pubs/webauth:tr.pdf
And:
http://www.acros.si/papers/session_fixation.pdf
Among other things, the second article claims (if I'm not wrong)
that URL-based sessions are not more secure than cookies.
The first article explains the importance of not leaking the user's
password (so I need to log in over SSL, which makes the default
implementation of guard not usable).
Regards, Manlio Perillo
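As an added illustration of the session-fixation problem the second paper discusses (example code, not from the original post, from the papers, or from Twisted's guard): a toy server-side session store that either keeps or rotates the session id when the user authenticates, plus a regression check that tells the two behaviours apart. All names (`SessionStore`, `fixation_regression`, the user "alice") are constructed for this example.

```python
import secrets
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class Session:
    user: Optional[str] = None  # None until the client authenticates


class SessionStore:
    """Minimal server-side session table (constructed example, not Twisted code)."""

    def __init__(self, rotate_on_login: bool):
        self.rotate_on_login = rotate_on_login
        self.sessions: Dict[str, Session] = {}

    def new_session(self) -> str:
        sid = secrets.token_urlsafe(32)  # unguessable, server-issued id
        self.sessions[sid] = Session()
        return sid

    def get(self, sid: str) -> Optional[Session]:
        return self.sessions.get(sid)

    def login(self, sid: str, user: str) -> str:
        """Authenticate the session; returns the id the client must use from now on."""
        if sid not in self.sessions:
            sid = self.new_session()  # never adopt an id the server did not issue
        if self.rotate_on_login:
            # Mitigation: drop the pre-authentication id so that any id that was
            # known before login (e.g. one carried in a URL) stops being valid.
            session = self.sessions.pop(sid)
            sid = secrets.token_urlsafe(32)
            self.sessions[sid] = session
        self.sessions[sid].user = user
        return sid


def fixation_regression(store: SessionStore) -> bool:
    """Return True if an id known before authentication is still valid afterwards.

    This is the property a fixation-resistant store must *not* have.
    """
    planted = store.new_session()          # id that exists before the user logs in
    store.login(planted, "alice")          # user authenticates while using that id
    session = store.get(planted)
    return session is not None and session.user == "alice"
```

With rotation disabled the check returns True (the pre-login id now names an authenticated session); with rotation enabled it returns False.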