* "bruce" <bedouglas@xxxxxxxxxxxxx>:
> if you're going to be writing apps that deal with sensitive information, you
> better damm well give some thought as to how secure the client is,
That's what encryption using public/private keypairs is for. The client
encrypts the data with the public key, and the only way to decrypt it is
using the private key -- which the server has. That way the server
doesn't *need* to know what the client is, so long as the request is
made over HTTP and the server is able to decrypt the data sent.
> or even if the client is actually valid!
Here's a valid client: open up a command line and type
# telnet php.net 80
My point? Anything that can communicate over TCP and talk using HTTP
commands is a valid client. That's the way the web was designed, and
that's the way it works.
--
Matthew Weier O'Phinney | WEBSITES:
Webmaster and IT Specialist | http://www.garden.org
National Gardening Association | http://www.kidsgardening.com
802-863-5251 x156 | http://nationalgardenmonth.org
mailto:matthew@xxxxxxxxxx | http://vermontbotanical.org
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
