Skip repetitive navigational links
L-Soft - Home of the LISTSERV mailing list manager LISTSERV(R) 14.5
Skip repetitive navigational links
Previous messageNext messagePrevious in topicNext in topicPrevious by same authorNext by same authorPrevious page (June 2002)Back to main ZNG pageJoin or leave ZNGReplyPost a new messageSearchProportional fontNon-proportional fontLog in
Date:         Sat, 15 Jun 2002 11:19:15 +0100
Reply-To:     "Z39.50 Next-Generation Initiative" <[log in to unmask]>
Sender:       "Z39.50 Next-Generation Initiative" <[log in to unmask]>
From:         Matthew Dovey <[log in to unmask]>
Subject:      Re: Betr.: Re: result set model for srw
Comments: To: "Z39.50 Next-Generation Initiative" <[log in to unmask]>,
          [log in to unmask]
Content-Type: text/plain; charset="us-ascii"


> -----Original Message-----
> From: Rob Koopman [mailto:[log in to unmask]] 
> Sent: 14 June 2002 19:35
> To: [log in to unmask]
> Subject: Re: Betr.: Re: result set model for srw
> 
> 
> Matthew wrote:
> >I agree - what Janifer is talking about is a user 
> authentication token 
> >- not a session id. The original objection to Janifer was that a 
> >session id is much more easily forged than a username as 
> password (as 
> >Rob has pointed out a session id may be little more that an 
> incremented 
> >number). For an authentication token to represent a 
> username/password 
> >pair without opening up spoofing attacks you need something far 
> >stronger than a session id - or a permanent open socket ala classic 
> >Z39.50.
> 
> 
> I disagree. It is trivial to make a session ID secure.

<snip>

Fair enough, and similar for result set id.

Matthew
Back to: Top of message | Previous page | Main ZNG page

LISTSERV.LOC.GOV CataList email list search Powered by LISTSERV email list manager