W3C home > Mailing lists > Public > www-validator@w3.org > August 2008

Re: Problem with validating password-protected pages

From: olivier Thereaux <ot@w3.org>
Date: Mon, 4 Aug 2008 14:36:19 -0400
Cc: www-validator@w3.org
Message-Id: <968017F6-61CF-4082-A96D-04F6AF1CB548@w3.org>
To: H.Hahn <h.hahn@hahn-informatica.nl>

Hello,

On 3-Aug-08, at 11:07 AM, H. Hahn wrote:
> While developing a website, I wanted to validate a certain page that  
> is password-protected.

Did you use HTTP level password protection (the validator can proxy  
that kind of authentication) or form-and-session-cookie? The latter,  
obviously, the validator can not handle, and the best way to check  
such pages is to use direct input or file upload.

> As I was logged in at a sufficiently high level, having access to  
> all pages, I tacitly expected the validator to have the same rights  
> as its invoker (i.e., me) had.

Fortunately, no.

> Only after I re-validated with displaying the complete source code,  
> I found that it had not validated the requested page, but the "Page  
> not found" page. Basically, this was correct, as the validator  
> apparently was refused access to the page.

Not sure why the lack of authentication would return a "page not  
found" page. That does not sound right.

> However, both the validator's address field and the validation  
> result text mentioned the correct URL of the original page, without  
> any mention of the "Page not found" page.

That's a problem with your system. The validator correctly displays  
redirected URLs.
e.g see:
http://validator.w3.org/check?uri=http%3A%2F%2Fwww.w3.org%2FConsortium%2FLegal%2Fipr-notice
and look at the Address: Field.

Thank you.
-- 
olivier
Received on Monday, 4 August 2008 18:36:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 25 April 2012 12:14:30 GMT