[_] multi domain login
Adam Cullen
simonfiction at googlemail.com
Thu Nov 1 09:18:28 GMT 2007
> Well, this ain't an online banking system and a hacker can't really do
> diddly if they get logged in.....but I am obviously concerned about
> security.
>
> If someone can intercept the image request can they not intercept any
> other request? I.e. why would that make this approach more insecure than
> a standard website login system?

To be honest, the more I thought about this after I posted yesterday, the more I realised that it's no less secure than a standard login system; you could say it's just as easy to hijack another person's session in the same way.

I'd suggest using a GUID for the OID and encrypting it for making the request from the image.

Not sure what other people's opinions are on this? I'm not speaking from first-hand experience and I don't claim to be a security expert.

Hope that helps though :)