W3C home > Mailing lists > Public > www-validator@w3.org > July 2018

Re: Fwd: Issue html checker for password protected pages

From: Hugo Van Aelst <hugovanaelst@gmail.com>
Date: Mon, 23 Jul 2018 13:39:45 +0200
Message-ID: <CABA1TmtEwJyENwma0SLCknWpdu-R1jLqjJQpg1YK2Zjkcwm4ig@mail.gmail.com>
To: "Michael[tm] Smith" <mike@w3.org>
Cc: www-validator@w3.org
Thanks a lot for your quick answer

Op zo 22 jul. 2018 04:19 schreef Michael[tm] Smith <mike@w3.org>:

> Hi Hugo,
>
> Hugo Van Aelst <hugovanaelst@gmail.com>, 2018-07-19 23:07 +0200:
> > Archived-At: <
> https://www.w3.org/mid/CABA1Tmv7=Rt3pLK7i6LYX0RLwL_QQo66_4Byh3n_ViKPapgnzA@mail.gmail.com
> >
> >
> > Hello,
> >
> > Password protected pages can't been validated by the *NU HTML CHECKER*.
>
> Yeah, that’s by design. Because in order for the checker to be able to
> access the password-protected page, you need to expose your password to the
> checker backend. Which means that I or anyone else who has admin access to
> the backend can see your password and use it without your knowledge to gain
> access to the page — or I could even pass it on to a bunch of other people
> so that they could all gain access to the page.
>
> > http://www.hugova.be/issue-html-checker/
> >
> > The old *W3C HTML Validator* was always working correctly.
>
> It’s not working correctly. The fact that it allows checking of password-
> protected pages is security bug, not a feature
>
> --
> Michael[tm] Smith https://people.w3.org/mike
>
Received on Monday, 23 July 2018 11:40:21 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 July 2018 11:40:21 UTC