W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2008

[whatwg] Solving the login/logout problem in HTML

From: Ian Hickson <ian@hixie.ch>
Date: Tue, 25 Nov 2008 21:10:56 +0000 (UTC)
Message-ID: <Pine.LNX.4.62.0811252108070.17401@hixie.dreamhostps.com>
On Tue, 25 Nov 2008, Julian Reschke wrote:
> > 
> > The problem is that you'd basically have to duplicate the entire form, 
> > since login forms can be arbitrarily complex. If the bot has the 
> > username and password, why not also give it the username field name, 
> > password field name, and login script url? Just consider them part of 
> > the credentials.
> 
> That works in theory, but doesn't scale.
> 
> For instance, we've been working on a search engine that scan internet 
> sites that may require authentication. Configuring that login for each 
> site would be a maintenance nightmare.

Well for a piece of software of that scale, parsing the document using an 
off-the-shelf HTML parser and finding the first matching <form> element 
and then applying normal HTML semantics to get to the form fields seems 
like a pretty small task in comparison to the rest.


> So, on the other hand, if the login form is more complex than username + 
> password, what is a bot supposed to do with it?

I don't understand why it makes a difference what the form is like. It 
should apply whatever credentials it has been given -- whatever those 
might be, username/password, certificate, fake addressa and phone number, 
whatever, and submit the form. Just like a user.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 25 November 2008 13:10:56 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:07 UTC