W3C home > Mailing lists > Public > www-validator@w3.org > July 2018

Re: Fwd: Issue html checker for password protected pages

From: Michael[tm] Smith <mike@w3.org>
Date: Sun, 22 Jul 2018 11:19:28 +0900
To: Hugo Van Aelst <hugovanaelst@gmail.com>
Cc: www-validator@w3.org
Message-ID: <20180722021928.GA26021@sideshowbarker.net>
Hi Hugo,

Hugo Van Aelst <hugovanaelst@gmail.com>, 2018-07-19 23:07 +0200:
> Archived-At: <https://www.w3.org/mid/CABA1Tmv7=Rt3pLK7i6LYX0RLwL_QQo66_4Byh3n_ViKPapgnzA@mail.gmail.com>
> 
> Hello,
> 
> Password protected pages can't been validated by the *NU HTML CHECKER*.

Yeah, that’s by design. Because in order for the checker to be able to
access the password-protected page, you need to expose your password to the
checker backend. Which means that I or anyone else who has admin access to
the backend can see your password and use it without your knowledge to gain
access to the page — or I could even pass it on to a bunch of other people
so that they could all gain access to the page.

> http://www.hugova.be/issue-html-checker/
> 
> The old *W3C HTML Validator* was always working correctly.

It’s not working correctly. The fact that it allows checking of password-
protected pages is security bug, not a feature

-- 
Michael[tm] Smith https://people.w3.org/mike

Received on Sunday, 22 July 2018 02:19:52 UTC

This archive was generated by hypermail 2.3.1 : Sunday, 22 July 2018 02:19:53 UTC