- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Tue, 25 Nov 2008 22:05:51 +0100
Ian Hickson wrote: > ... >> I didn't yet have time to look into this in detail, but it currently >> seems to require the UA to still parse the HTML page. Wouldn't it be >> better of the *headers* of the response (such as WW-Authenticate, Link, >> ...) would contain sufficient information to perform the login without >> having to do that; such as a URI to POST to, plus the parameter names >> for user name and password? > > The problem is that you'd basically have to duplicate the entire form, > since login forms can be arbitrarily complex. If the bot has the username > and password, why not also give it the username field name, password field > name, and login script url? Just consider them part of the credentials. That works in theory, but doesn't scale. For instance, we've been working on a search engine that scan internet sites that may require authentication. Configuring that login for each site would be a maintenance nightmare. So, on the other hand, if the login form is more complex than username + password, what is a bot supposed to do with it? BR, Julian
Received on Tuesday, 25 November 2008 13:05:51 UTC