In Put name and password in URLs
I discuss how Hotmail solves this exact
problem. Note that in the last few weeks the RSA patent
expired. You can now aquire, for free and legally in the
US, both Apache and mod_ssl to implement the https server
required in the authentication.
As for your solution, it is pretty good but I would have a
number of concerns. For instance what happens if someone
sends you a request that matches a file you care about?
Can someone who is sniffing the network spoof the
connection? Was the password sent in the clear?
None of this probably matters for a chat server. (Heck how
many of us are willing to let cookies go around with
plaintext passwords?) But I wouldn't want to trust that
with important data.
Are you posting in the right place? Check out Where do I post X? to know for sure.
Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
<code> <a> <b> <big>
<blockquote> <br /> <dd>
<dl> <dt> <em> <font>
<h1> <h2> <h3> <h4>
<h5> <h6> <hr /> <i>
<li> <nbsp> <ol> <p>
<small> <strike> <strong>
<sub> <sup> <table>
<td> <th> <tr> <tt>
Snippets of code should be wrapped in
<code> tags not
<pre> tags. In fact, <pre>
tags should generally be avoided. If they must
be used, extreme care should be
taken to ensure that their contents do not
have long lines (<70 chars), in order to prevent
horizontal scrolling (and possible janitor
Want more info? How to link
or How to display code and escape characters
are good places to start.