- From: Ian Hickson <ian@hixie.ch>
- Date: Tue, 25 Nov 2008 21:10:56 +0000 (UTC)
On Tue, 25 Nov 2008, Julian Reschke wrote: > > > > The problem is that you'd basically have to duplicate the entire form, > > since login forms can be arbitrarily complex. If the bot has the > > username and password, why not also give it the username field name, > > password field name, and login script url? Just consider them part of > > the credentials. > > That works in theory, but doesn't scale. > > For instance, we've been working on a search engine that scan internet > sites that may require authentication. Configuring that login for each > site would be a maintenance nightmare. Well for a piece of software of that scale, parsing the document using an off-the-shelf HTML parser and finding the first matching <form> element and then applying normal HTML semantics to get to the form fields seems like a pretty small task in comparison to the rest. > So, on the other hand, if the login form is more complex than username + > password, what is a bot supposed to do with it? I don't understand why it makes a difference what the form is like. It should apply whatever credentials it has been given -- whatever those might be, username/password, certificate, fake addressa and phone number, whatever, and submit the form. Just like a user. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 25 November 2008 13:10:56 UTC