Tamara Temple wrote:
Sorry, I was mislead by your use of the phrase "Users should not be copy-pasting passwords or usernames" above. I'd love to hear what you think is an alternative to identifying with web app that keeps track of information about someone that is more secure.
client side ssl certificates, they force http+tls (thus encryption over the wire and no chance of middleman attacks) and no usernames or passwords need to be passed, as you identify people by the public key held in their certificate, the TLS process ensures they have the private key.
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php