Marco Gaiarin schrieb: > Mandi! Tomasz Chmielewski > In chel di` si favelave... > >> Before we start we have to assume one thing: the whole "security" can't >> be handled by wpkg.js itself, it has to be made by the WPKG >> Client/Installer. > > Clearly can be better, but solutions proposed i think that can be used > also with plain wpkg.js... they does not involve more server/client > comunication then current one... As in 99% cases wpkg.js sits on the remote server, it is by definition insecure, isn't it? Handling security by something which is hosted on a potentially not secure machine isn't the best idea - you would never know if it's your or attacker's wpkg.js. >> On the other hand, probably there are some people using WPKG without a >> domain; just in a workgroup, and it would be harder for them to add such >> security feature. > > Exactly this. I Admit that i'm a bit lazy in my domain to use guest > access to WPKG and %SOFTWARE% shares, but indeed a 'minimal' > client/server authentication have to be implemented. OK, but how? :) -- Tomasz Chmielewski http://wpkg.org wpkg-users mailing list wpkg-users at lists.wpkg.org http://lists.wpkg.org/mailman/listinfo/wpkg-users |