[nycphp-talk] AJAX and State
Daniel Convissor
danielc at analysisandsolutions.com
Sat Sep 22 12:54:44 EDT 2007
On Sat, Sep 22, 2007 at 12:23:21PM -0400, Elliotte Harold wrote:
>
> Thus the only
> choice is to place this repository on the client.
> ... snip ...
> That means the
> browser itself (or a plug-in integrated into the browser) remembers the
> password.
>
> EVERYTHING ELSE THAT HAS BEEN TRIED TO DATE HAS FAILED. NO EXCEPTIONS.
Except having a password store on one's computer that's separate from the
browser. There are several pieces of software that do this.
My technique is to store password information in a GPG encrypted text
file. Of course, this isn't a technique the masses would be able to
handle.
> A browser-based password store is the most secure authentication system
> devised to date.
No, it's not.
We're really diverging from PHP here, so this is the last posting I'll
make in this thread.
--Dan
--
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
data intensive web and database programming
http://www.AnalysisAndSolutions.com/
4015 7th Ave #4, Brooklyn NY 11232 v: 718-854-0335 f: 718-854-0409
More information about the talk
mailing list