- From: Adam Jack <ajack@corp.micrognosis.com>
- Date: Mon, 26 Feb 1996 09:50:37 -0500 (EST)
- To: hallam@w3.org
- Cc: "Daniel W. Connolly" <connolly@beach.w3.org>, Murray Altheim <murray@spyglass.com>, Robert Hazeltine <rhazltin@bacall.nepean.uws.edu.au>, www-html@w3.org
On Sun, 25 Feb 1996 hallam@w3.org wrote: > 1) Malicious servers may attempt to trick the user into submitting data > without their consent > > On (1) yesw there is a problem for any automatic forms entry scheme. > This could be dealt with in two ways. Two or more. > Either the browser comes up with a dialogue box > and asks (do you want to automatically add in these fields". Alternatively > the automatic fill in protocol might be configured to only operate within > a closed subnet - for forms comming from within a company say. > I agree with the first - the second seems a bit limited functionality. I know this is probably a user agent implementation issue however I would like to see some further discussion on it in any proposal. > 2) Wouldn;t it be easier to have a central registry? > > There is a world of difference between a system in which it is in peoples > interests to abide by a common standard and one where one is rammed down > peoples throats. > I am not suggesting anything like the later. > There is also a deeper philosophical issue here. The Web works because it > is decentralised and has no central registry. > I am not sure I agree -- they all registered with Internic or their internal DNS system. At a time any browser knows how to lookup an find the IP address for a domain name. Also routing tables are propagated to allow requests and responses to be delivered. Additionally - are not the likes of Yahoo and WebCrawler a form of centralized registry? Sure - the WWW works without them but they are best located by being in the registary. For ease of use everything must be easily looked up. As I said - I am not suggesting a new NS for propagation. I am just hoping that there will be a mechanism whereby any field can be looked up without difficulty. > I see this as an area where we can win most by staying aloof from the fray. > Someone somewhere will produce a very comprehensive set of field templates > and people will want to use them. I prefer to offload that type of work onto > people who have time and possibly expertise. > Could that not equally be done by setting a field name standard and then stepping back? We could have names like : WWW.Personal.Name.FirstName = Adam WWW.Personal.Name.LastName = Jack As a naming scheme it lacks the nice automatic help feature of attaching a URI but it allows hierarchy. As I said -- one could then allow or disallow whole groups of data to certain sites. People could extend it with : MyExtension.Browser.Version MyExtension.Browser.Name or something like : WWW.Personal.Name.MyExtension.NickName (as said - I am no name wiz.) Any 'centralized' registry could be a simple CGI script on a server. These days firms jump on the bandwagon of offering 'public services' -- and this need be no different. How many fields will the be anyway? Hundreds? Never more than thousands -- and definately not the Internic millions. Adam -- +1-203-730-5437 | http://www.micrognosis.com/~ajack/index.html
Received on Monday, 26 February 1996 09:47:58 UTC