[Rets-dev] Username/Password and security policies

Jeff Brush jeffbrush at hotmail.com
Fri Mar 9 15:07:20 CST 2007


Stuart Schuessler wrote:

>   You probably would want to implement the client authentication as well.
>   Just checking the user-agent is easy to fake.  A person can do it with Firefox.  If
>   you do not implement the client authentication then anyone with a login to the MLS
>   system and access privileges can download your entire database and sell it to a
>   moving company or any number of data aggregators.

How are client authentication passwords really any less easy to fake? 
And how does client authentication prevent the user from selling the data?

At best, client authentication (the RETS-UA-Authorization header in RETS
1.7) provides a method for MLSs to limit which client applications may
access their systems. 

Jeff Brush
Ronin Technologies
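
Added example, not part of the original message: a server-side check of the RETS-UA-Authorization header against an allow-list of client applications. It assumes the RETS 1.7 digest construction MD5(MD5(product:password):request-id:session-id:version); the allow-list entry, function names and sample header values are constructed for illustration.

```python
import hashlib
import hmac

# Constructed allow-list: User-Agent product token -> user-agent password.
# One password per client application, shared by every copy of that application.
ALLOWED_CLIENTS = {
    "ExampleClient/1.0": "sample-ua-password",
}


def _md5_hex(text):
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def ua_digest(product, ua_password, request_id, session_id, version):
    """Digest value as assumed above: inner hash binds product and password,
    outer hash binds that to the request id, session id and RETS version."""
    a1 = _md5_hex(f"{product}:{ua_password}")
    return _md5_hex(f"{a1}:{request_id}:{session_id}:{version}")


def check_ua_authorization(headers, session_id=""):
    """Return True only if the request comes from an allow-listed application.

    `headers` is a plain dict with exact-case header names (a simplification;
    real HTTP header names are case-insensitive). This identifies the client
    application, not the person using it.
    """
    product = headers.get("User-Agent", "")
    password = ALLOWED_CLIENTS.get(product)
    if password is None:
        return False  # application is not on the allow-list
    scheme, _, supplied = headers.get("RETS-UA-Authorization", "").partition(" ")
    if scheme.lower() != "digest" or not supplied.strip():
        return False  # a matching User-Agent string alone is not enough
    expected = ua_digest(
        product,
        password,
        headers.get("RETS-Request-ID", ""),
        session_id,
        headers.get("RETS-Version", ""),
    )
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(expected.encode(), supplied.strip().lower().encode())
```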


