- From: Charles McCathieNevile <charles@sidar.org>
- Date: Tue, 27 Jul 2004 03:41:20 +0300
- To: "Matthew Smith" <matt@kbc.net.au>, "WAI Interest Group" <w3c-wai-ig@w3.org>
I prefer HTTP Basic Authentication. One of its useful features is that as a standard HTTP response it is easy to build systems that rely on graphic passwods for people who find text too hard to deal with, or some other system running on the client and adapted to the user's needs. Cookie-based authentication is a little harder to mess around with. Many browsers now do try to recognise it and deal with it as if it were HTTP Authentication. The benefit of being able to logout is handy, although the requirement to have cookies is annoying (because one of the systems I use doesn't...) just my 2 cents australian... cheers Chaals On Tue, 27 Jul 2004 10:56:44 +0930, Matthew Smith <matt@kbc.net.au> wrote: > I would be interested to hear peoples thoughts on the following two > methods of protecting pages: > > 1) HTTP Basic Authentication > For me, this is the easiest type to use when coding an application - > Apache (the web server software) looks after everything for me. > > With graphical user agents, the sign-in appears as a pop-up. Does this > not cause a problem with screen readers working with Mozilla/IE/etc. ? > > The only other flaw that this has, in my mind, is a security one rather > than one of accessiblity; as the user agent tends to cache the > authentication information, there is no real way to "log out" without > closing the user agent. > > 2) Cookie Authentication > This would appear quite friendly from a user perspective, but what if > the user agent does not support cookies? > > It appears to me that neither solution is totally accessible, so what > should one do? -- Charles McCathieNevile charles@sidar.org Fundación Sidar http://www.sidar.org
Received on Monday, 26 July 2004 21:42:03 UTC