chris...

what you state is true at the extreme... but in the case of a client app, i could already extract information about the various apps that make up the client.. ie if, as in the case of IE, I was able to get information from the IE browser about various dlls that make up the browser. if these pieces of information correctly match what msoft would state should be there, then i could assume that the app was/is legitimate.

you're correct in stating that the existing methods don't permit this kind of transaction to occur. however, i'm of the belief that over time, they will. and here's why. while you may not give a damn, there will be a growing chorus of people who'll want to know that the developers/sites are doing everything they can to ensure the safety of the entire transaction.

in fact, i'm willing to bet that something like what i've been discussing will be delivered, and promoted as a security/selling point... IE, I'm Wells Fargo, our site will talk in a secure manner with the following browsers... anybody else, we'll let you peruse, but we'd rather not exchange sensitive information!!

looks like we'll have to agree to disagree...

peace..

-----Original Message-----
From: Chris W. Parker [mailto:cparker@xxxxxxxxxxxx]
Sent: Tuesday, June 21, 2005 10:21 AM
To: bedouglas@xxxxxxxxxxxxx; -{ Rene Brehmer }-; php-general@xxxxxxxxxxxxx
Subject: RE: Re: security question...??

bruce <mailto:bedouglas@xxxxxxxxxxxxx>
    on Monday, June 20, 2005 5:50 PM said:

> if you're going to be writing apps that deal with sensitive
> information, you better damn well give some thought as to how secure
> the client is, or even if the client is actually valid!

It's not possible to determine the validity of the client. Just give it some good hard thought and you'll probably come to the correct conclusion.

A client/server relationship is like two people talking through a wall. You can hear my voice just fine and I can answer all the questions you ask me correctly but still you can't see what I'm doing nor do you know that I am who I say I am. We can even talk in a language that only the two of us can understand so as to prevent people from listening in. But you still wouldn't know if I was transmitting that secret message to someone else willfully after I received it. Nor would you know if someone was pointing a gun to my head forcing me to tell them what we had just talked about.

Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php