[whatwg] Solving the login/logout problem in HTML

On Tue, 25 Nov 2008, Julian Reschke wrote:
> > 
> > The problem is that you'd basically have to duplicate the entire form, 
> > since login forms can be arbitrarily complex. If the bot has the 
> > username and password, why not also give it the username field name, 
> > password field name, and login script url? Just consider them part of 
> > the credentials.
> That works in theory, but doesn't scale.
> For instance, we've been working on a search engine that scan internet 
> sites that may require authentication. Configuring that login for each 
> site would be a maintenance nightmare.

Well for a piece of software of that scale, parsing the document using an 
off-the-shelf HTML parser and finding the first matching <form> element 
and then applying normal HTML semantics to get to the form fields seems 
like a pretty small task in comparison to the rest.

> So, on the other hand, if the login form is more complex than username + 
> password, what is a bot supposed to do with it?

I don't understand why it makes a difference what the form is like. It 
should apply whatever credentials it has been given -- whatever those 
might be, username/password, certificate, fake addressa and phone number, 
whatever, and submit the form. Just like a user.

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Tuesday, 25 November 2008 13:10:56 UTC