[Bug 11912] HTML5 provides an opportunity to fix a long-running problem with HTTP Authentication. HTTP Authentication is important, because it is the only way to execute a request with 100% certainty that the user has provided an authentication secret. Furthermore, from bugzilla@jessica.w3.org on 2011-03-04 (public-html-bugzilla@w3.org from March 2011)

From: <bugzilla@jessica.w3.org>
Date: Fri, 04 Mar 2011 02:37:05 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1PvKt7-0005Nr-Au@jessica.w3.org>

http://www.w3.org/Bugs/Public/show_bug.cgi?id=11912

--- Comment #15 from Jeremy <jeremy@blazonco.com> 2011-03-04 02:37:04 UTC ---
(In reply to comment #14)
> 
> > 2. You're still storing your database credentials using this mechanism.
> 
> No, you're not.

Ah, I completely misunderstood what you were suggesting.  And it's a pretty
great idea.  It had never occurred to me that you can use cookies in pretty
much the same way as auth credentials as long as you use them *directly*.  I am
so used to session stores that I completely forgot that cookies can store more
than just a session ID - and you can completely control them with a wide
variety of approaches.

Thanks for the idea!  And my thanks to Zewt as well.  I still think from a
theoretical standpoint that improving HTTP Auth would be a better choice.  But
from a practical standpoint, you're right - it seems like cookies could be used
in much the same way - you just have to be more careful with them (i.e.
encryption).

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.

Received on Friday, 4 March 2011 02:37:07 UTC