[Bug 11912] HTML5 provides an opportunity to fix a long-running problem with HTTP Authentication. HTTP Authentication is important, because it is the only way to execute a request with 100% certainty that the user has provided an authentication secret. Furthermore,

http://www.w3.org/Bugs/Public/show_bug.cgi?id=11912

--- Comment #12 from Aryeh Gregor <Simetrical+w3cbug@gmail.com> 2011-03-04 02:14:16 UTC ---
Incidentally, zewt on #whatwg pointed out you can get all the security benefits
of your scheme using cookies:

<zewt> (AryehGregor: not necessarily useful to that person, but if I really
needed that, I'd probably do something along the lines of storing an encrypted
password in the cookie with a key on the server, so the server can decrypt it
for each request and then throw it away)

That way the server still doesn't have to store any credential info that an
attacker could profitably compromise.


Received on Friday, 4 March 2011 02:14:18 UTC
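
The scheme zewt describes above, as an added example that is not part of the original comment or of any project's code: the server seals the username and password into the cookie under a key only it holds, then decrypts on each request and keeps nothing. It assumes Node.js and AES-256-GCM as the cipher (the comment names none); `SERVER_KEY`, `sealCredentials`, `openCredentials`, `setCookieHeader`, the cookie name `auth` and the one-hour lifetime are all hypothetical.

```javascript
const crypto = require('crypto');

// Assumption: a 32-byte key held only by the server. Generated at start-up here;
// a real deployment would load it from a secret store so restarts keep sessions.
const SERVER_KEY = crypto.randomBytes(32);
const AAD = Buffer.from('authcookie-v1'); // hypothetical label bound to every cookie
const MAX_AGE_S = 3600;                   // constructed lifetime

// Encrypt {user, password, expiry} and return the cookie value: iv | tag | ciphertext.
function sealCredentials(user, password, nowMs = Date.now(), key = SERVER_KEY) {
  const iv = crypto.randomBytes(12);      // fresh nonce for every cookie
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  cipher.setAAD(AAD);
  const body = JSON.stringify({ u: user, p: password, exp: nowMs + MAX_AGE_S * 1000 });
  const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64url');
}

// Decrypt on each request. Returns {user, password}, or null when the cookie is
// malformed, modified, sealed under a different key, or expired.
function openCredentials(value, nowMs = Date.now(), key = SERVER_KEY) {
  try {
    const raw = Buffer.from(String(value), 'base64url');
    if (raw.length < 12 + 16 + 1) return null;
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAAD(AAD);
    decipher.setAuthTag(raw.subarray(12, 28));
    const pt = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const { u, p, exp } = JSON.parse(pt.toString('utf8'));
    if (typeof exp !== 'number' || nowMs >= exp) return null;
    return { user: u, password: p };      // caller checks the password, then discards it
  } catch {
    return null;                          // GCM tag mismatch or unparsable contents
  }
}

// Set-Cookie header for the sealed value; the flags keep it off plain HTTP and out of scripts.
function setCookieHeader(value) {
  return `auth=${value}; Max-Age=${MAX_AGE_S}; Path=/; Secure; HttpOnly; SameSite=Strict`;
}
```

The sealed cookie is still a bearer credential: anyone holding it can replay it until `exp`, and anyone holding `SERVER_KEY` can recover the password from it, so the key needs the protection a credential store would otherwise get.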