Re: hidden source code html

lilley (lilley@afs.mcc.ac.uk)
Wed, 4 Oct 1995 16:59:50 +0100 (BST)


From: lilley <lilley@afs.mcc.ac.uk>
Message-Id: <19145.9510041559@afs.mcc.ac.uk>
Subject: Re: Re: hidden source code html
To: sirrah@cg57.esnet.com (Stuart Harris)
Date: Wed, 4 Oct 1995 16:59:50 +0100 (BST)
Cc: www-html@w3.org
In-Reply-To: <m0t0VtA-0001M2C@cg57.esnet.com> from "Stuart Harris" at Oct 4, 95 08:37:41 am

Stu Harris says:

> Well Jon, the original question -- at least, _my_ original Usenet question -- 
> related to the use of a hyperlink of the form 
>        ftp://user:password@ftp.some.site.uk 
> which is permitted, but REALLY STUPID unless the code can be concealed.

Not at all. There is such a link at the bottom of my personal page 
(see sig for URL). However, it is perfectly secure because the password 
part must be supplied by anyone attempting to traverse the link. (Even 
more secure in my case, as we use Kerberos authentication).

Also, in the case of public access accounts for kiosks, etc it might be 
perfectly acceptable to disclose both the username and password.

Also, HTML might be generated on the fly, or used within a secure 
environment. For example, filling in a form and supplying credit card 
details might generate on the fly some html with instructions on using 
some demonstration software, plus a link of the form you have described 
giving a guest account and the password du jour to try it out.


-- 
Chris Lilley, Technical Author
+-------------------------------------------------------------------+
|       Manchester and North HPC Training & Education Centre        |
+-------------------------------------------------------------------+
| Computer Graphics Unit,             Email: Chris.Lilley@mcc.ac.uk |
| Manchester Computing Centre,        Voice: +44 161 275 6045       |
| Oxford Road, Manchester, UK.          Fax: +44 161 275 6040       |
| M13 9PL                            BioMOO: ChrisL                 |
|     URI: http://info.mcc.ac.uk/CGU/staff/lilley/lilley.html       | 
+-------------------------------------------------------------------+