- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 25 Nov 2008 22:18:01 +0100
Ian Hickson wrote: >> For instance, we've been working on a search engine that scan internet >> sites that may require authentication. Configuring that login for each >> site would be a maintenance nightmare. > > Well for a piece of software of that scale, parsing the document using an > off-the-shelf HTML parser and finding the first matching <form> element > and then applying normal HTML semantics to get to the form fields seems > like a pretty small task in comparison to the rest. Well, that's what we have been doing. I was looking forward where this could be used by somebody who isn't an expert (think Microsoft Webfolder client or Apple WebDAV FS driver), and where running an HTML parser (in the kernel?) would be problematic. >> So, on the other hand, if the login form is more complex than username + >> password, what is a bot supposed to do with it? > > I don't understand why it makes a difference what the form is like. It > should apply whatever credentials it has been given -- whatever those > might be, username/password, certificate, fake addressa and phone number, > whatever, and submit the form. Just like a user. To do that, it would need to *capture* that information somewhere. I was assuming the whole point in the exercise was to avoid having to pop up an HTML based UI... BR, Julian PS: But even if it doesn't help authenticating without an HTML based UI, this could be useful because it allows non-interactive clients to understand that they're looking at a login form, not the "real thing".
Received on Tuesday, 25 November 2008 13:18:01 UTC