W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 2006

Re: Recognizing a WebDAV enabled client

From: Michael Wechner <michael.wechner@wyona.com>
Date: Mon, 03 Jul 2006 16:48:54 +0200
Message-ID: <44A92E56.3070106@wyona.com>
To: Manfred Baedke <manfred.baedke@greenbytes.de>
CC: Julian Reschke <julian.reschke@gmx.de>, w3c-dist-auth@w3.org

Manfred Baedke wrote:
> Hi Michael,
>
> what's really bad about programmatic clients and form based 
> authentication is the fact that the form comes with status code 200, 
> telling the client that everything is fine, and there is really no 
> realiable way for the client to tell wether the response body is the 
> intended content or a login form. Form based authentication, as it is 
> widely used nowadays, is broken by design. Don't use it.

ok, but what is the alternative? BASIC and DIGEST also have issues ;-)

Thanks

Michi

>
> Regards,
> Manfred
>
>
>


-- 
Michael Wechner
Wyona      -   Open Source Content Management   -    Apache Lenya
http://www.wyona.com                      http://lenya.apache.org
michael.wechner@wyona.com                        michi@apache.org
+41 44 272 91 61
Received on Monday, 3 July 2006 14:48:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:14 GMT