Confirm
716
edits
Changes
→Security worries
* We should make sure to make it impossible to set authentication headers since that would make it easier for a site to attempt (distributed) brute force hacking against authenticated servers. Note though that such hacking would be significantly complicated by the fact that the server must be password protected but still have files that it grants access to a 3rd party server, which doesn't really make a lot of sense.
* Timeless left some comments at [http://docs.google.com/Doc?id=dhmd4jxt_27ggbhc8]
