W3C home > Mailing lists > Public > www-html@w3.org > March 2000

Re: Anyformat Uploads

From: Tim Bagot <tsb@earth.li>
Date: Wed, 1 Mar 2000 18:58:03 -0500 (EST)
To: Patrice Calve <patrice.calve@cactuscom.ca>
cc: www-html@w3.org
Message-ID: <Pine.LNX.3.96.1000301234736.517V-100000@c32.keble.ox.ac.uk>
On Wed, 1 Mar 2000, Patrice Calve wrote:

> On an other hand, I'm also thinking of this feature for security measures:
> Voice Authentication, Signature Authentication, Retinal Scan, etc.  But in
> this case, I hope that we agree that on a Very Secure Web Application, the
> Source of the Authentication shouldn't be from a file, but should be "LIVE".
> In this case, the user shouldn't have the option of choosing the source and
> the programmer could restrict the source to be "live".  How this "live"
> option be restricted is another case, though.

In principle, yes. But there is no practicable way to enforce this. The
web server has no way of knowing whether what it receives is from a saved
file or read directly from a device. It is impossible to prevent a user
from having this option, because there are no guarantees on the
reliability or authenticity of the information given in HTTP requests.

Tim Bagot
Received on Wednesday, 1 March 2000 22:20:06 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 March 2012 18:15:43 GMT