W3C home > Mailing lists > Public > w3c-dist-auth@w3.org > July to September 2006

Re: Recognizing a WebDAV enabled client

From: Manfred Baedke <manfred.baedke@greenbytes.de>
Date: Mon, 03 Jul 2006 16:42:21 +0200
Message-ID: <44A92CCD.2040508@greenbytes.de>
To: Michael Wechner <michael.wechner@wyona.com>
CC: Julian Reschke <julian.reschke@gmx.de>, w3c-dist-auth@w3.org

Hi Michael,

what's really bad about programmatic clients and form based 
authentication is the fact that the form comes with status code 200, 
telling the client that everything is fine, and there is really no 
realiable way for the client to tell wether the response body is the 
intended content or a login form. Form based authentication, as it is 
widely used nowadays, is broken by design. Don't use it.

Regards,
Manfred
Received on Monday, 3 July 2006 15:05:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 2 June 2009 18:44:14 GMT