sharing secret without ssl
by Sixtease (Friar) on Feb 11, 2011 at 12:54 UTC
Sixtease has asked for the wisdom of the Perl Monks concerning the following question:
this is a general web-programming question
Dear monks,
Assume web application Example.com has no SSL certificate and doesn't want one, but would still like to share a secret with the visitor (like for generating nonces, so that sniffing the session cookie doesn't give an attacker the visitor's rights).
Q1: Do you see a way to exchange such a secret during OpenID login?
Q2: If it is not possible (like I think), what other ways do you see?
Ideas? Does this already exist? Sorry for posting such a non-Perl-specific question / rambling.
use strict; use warnings; print "Just Another Perl Hacker\n";