- From: Philipp Kempgen <philipp.kempgen@amooma.de>
- Date: Tue, 25 Nov 2008 22:24:20 +0100
Julian Reschke schrieb: > Ian Hickson wrote: >>> For instance, we've been working on a search engine that scan internet >>> sites that may require authentication. Configuring that login for each >>> site would be a maintenance nightmare. >> >> Well for a piece of software of that scale, parsing the document using an >> off-the-shelf HTML parser and finding the first matching <form> element >> and then applying normal HTML semantics to get to the form fields seems >> like a pretty small task in comparison to the rest. > > Well, that's what we have been doing. > > I was looking forward where this could be used by somebody who isn't an > expert (think Microsoft Webfolder client or Apple WebDAV FS driver), and > where running an HTML parser (in the kernel?) would be problematic. > >>> So, on the other hand, if the login form is more complex than username + >>> password, what is a bot supposed to do with it? >> >> I don't understand why it makes a difference what the form is like. It >> should apply whatever credentials it has been given -- whatever those >> might be, username/password, certificate, fake addressa and phone number, >> whatever, and submit the form. Just like a user. > > To do that, it would need to *capture* that information somewhere. I was > assuming the whole point in the exercise was to avoid having to pop up > an HTML based UI... > PS: But even if it doesn't help authenticating without an HTML based UI, > this could be useful because it allows non-interactive clients to > understand that they're looking at a login form, not the "real thing". Good points. There are circumstances where the client is not prepared to handle or parse HTML. However if the client is a human user you want a nice login page instead of the ugly basic authentication dialog. Philipp Kempgen -- http://www.das-asterisk-buch.de - http://www.the-asterisk-book.com Amooma GmbH - Bachstr. 126 - 56566 Neuwied -> http://www.amooma.de Gesch?ftsf?hrer: Stefan Wintermeyer, Handelsregister: Neuwied B14998 --
Received on Tuesday, 25 November 2008 13:24:20 UTC