Scott Lawrence wrote: > > > Could the spec allow for customization of the authentication dialog? > > The only customization allowed for is the value of the realm, which > should be displayed to the user (if any) if challenging for the > credentials. In thinking about customizing this, bear in mind that some > clients will not be browsers and will not have human users. FWIW, ages ago I asked for (and was denied) the addition of a "prompt" attribute, which would have been (one of) the thing the user saw in the dialog box. The argument against at the time was, I think, that such an attribute could be used by a malicious server to fool the user into giving credentials for a spoofed authentication domain. Notwithstanding that valid criticism, I still think a "prompt" attribute could be useful. In one application I wrote, users have to register before they can gain access to "protected" documents. The project, and hence the realm, is "SEPTEMBER". But to remind users that they have to register first, I had to make the HTTP realm attribute be "SEPTEMBER (You must have registered)", so browsers would present that string, and users would get the useful hint. Dave KristolReceived on Monday, 15 December 1997 11:51:11 EST
This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:33:05 EDT