W3C home > Mailing lists > Public > www-html@w3.org > November 2002

Re: Idea for securityfix in HTML

From: David Woolley <david@djwhome.demon.co.uk>
Date: Sat, 16 Nov 2002 12:36:53 +0000 (GMT)
Message-Id: <200211161236.gAGCarR06341@djwhome.demon.co.uk>
To: www-html@w3.org

> isn't secure, he or she could trie an dictionary or brute-force attack, but
> is is more secure, and I think that's a good thing.

You don't need a dictionary attack.  You have a plain text equivalent which
you can inject into a an HTTP request without knowing the actual password.

> Another idea, maybe make something like a "checksum" value in the type
> attribute in the  <INPUT> tag, which takes a checksum of all data?

This is definitely outside the scope of HTML.  It's also already in MIME,
upon which HTTP is based, although Content-MD5 is not in the HTTP specs
that I've actually seen.
Received on Saturday, 16 November 2002 07:37:01 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 March 2012 18:15:53 GMT