Perl Monk, Perl Meditation | |
PerlMonks |
sharing secret without sslby Sixtease (Friar) |
on Feb 11, 2011 at 12:54 UTC ( [id://887611]=perlquestion: print w/replies, xml ) | Need Help?? |
Sixtease has asked for the wisdom of the Perl Monks concerning the following question: this is a general web-programming question Dear monks, Assume web application Example.com has no ssl certificate and doesn't want one. But would still like to share a secret with the visitor(like for generating nonces, so that sniffing session cookie doesn't give an attacker the visitor's rights).
Q1: Do you see a way to exchange such a secret during OpenID login?
Q2: If it is not possible (like I think), what other ways do you see?
Ideas? Does this already exist? Sorry for posting such a non-Perl-specific question / rambling.
use strict; use warnings; print "Just Another Perl Hacker\n";
Back to
Seekers of Perl Wisdom
|
|