W3C home > Mailing lists > Public > www-html@w3.org > January 2000

RE: User Authentication and Forms

From: Dave J Woolley <DJW@bts.co.uk>
Date: Tue, 18 Jan 2000 11:42:24 -0000
Message-ID: <81E4A2BC03CED111845100104B62AFB53F3F90@stagecoach.bts.co.uk>
To: "'Sattara'" <starlenz@mindspring.com>
Cc: "'www-html@w3.org'" <www-html@w3.org>
> From:	Sattara [SMTP:starlenz@mindspring.com]
> 
>     I'm trying to embed the user authentication attribute of 'User Name'
> and
> 'Password' into an html form rather than have it open a separate box when
> a
> 
	In that case you must do your own authentication, and also
	take your own steps to maintain the user indentity across
	subsequent accesses (e.g. cookies, if you don't mind losing
	the more privacy conscious users, or tokens inserted into
	all URLs, which means even static pages become uncacheable,
	even if you override the uncacheablility associated with 
	authenticated pages).

> functionality locally rather than client side is possible.  As an example
> I
> recommed the Hotmail website where a user enters their name and password
> on
> the actual page and is thus fowarded to a restricted area.  There are no
> pop-up security boxes that ask for username and password.
> 
	This is a common example of people compromising the protocol
	in order to get cosmetic effects (one of the reasons why
	a purist approach to HTML/XHMTL is unlikely to be heeded
	by commercial users).
Received on Tuesday, 18 January 2000 06:46:14 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 March 2012 18:15:40 GMT