- From: Robert Sayre <sayrer@gmail.com>
- Date: Fri, 20 Oct 2006 18:12:34 -0400
- To: "Henrik Nordstrom" <hno@squid-cache.org>
- Cc: "HTTP Working Group" <ietf-http-wg@w3.org>
On 10/20/06, Henrik Nordstrom <hno@squid-cache.org> wrote: > fre 2006-10-20 klockan 14:12 -0400 skrev Robert Sayre: > > > HTTP security now takes place via forms, cookies, redirects, and > > rubber bands. > > And to be honest mainly because web designers is not happy with how the That is one reason. The ad-hoc stuff can be more secure than the standard schemes, too. > GUI (user-agents) presents the request for user credentials. Also, there is no logout button. I plan to take care of both problems for new schemes in Mozilla. Message body not displayed on HTTP 401 status response <https://bugzilla.mozilla.org/show_bug.cgi?id=271383> Need a markup widget to clear HTTP credentials <https://bugzilla.mozilla.org/show_bug.cgi?id=355319> Obviously, there will need to be buy-in from *all* of the big browser vendors to move toward a Web standard. Maybe the W3C activity will have that. If not, I don't see the point. Mozilla Foundation likes standards when they result in one Web, so I doubt they will be a holdout :) -- Robert Sayre
Received on Friday, 20 October 2006 22:12:44 UTC