W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2008

[whatwg] Solving the login/logout problem in HTML

From: Philipp Kempgen <philipp.kempgen@amooma.de>
Date: Tue, 25 Nov 2008 22:24:20 +0100
Message-ID: <492C6D04.9070708@amooma.de>
Julian Reschke schrieb:
> Ian Hickson wrote:
>>> For instance, we've been working on a search engine that scan internet 
>>> sites that may require authentication. Configuring that login for each 
>>> site would be a maintenance nightmare.
>> 
>> Well for a piece of software of that scale, parsing the document using an 
>> off-the-shelf HTML parser and finding the first matching <form> element 
>> and then applying normal HTML semantics to get to the form fields seems 
>> like a pretty small task in comparison to the rest.
> 
> Well, that's what we have been doing.
> 
> I was looking forward where this could be used by somebody who isn't an 
> expert (think Microsoft Webfolder client or Apple WebDAV FS driver), and 
> where running an HTML parser (in the kernel?) would be problematic.
> 
>>> So, on the other hand, if the login form is more complex than username + 
>>> password, what is a bot supposed to do with it?
>> 
>> I don't understand why it makes a difference what the form is like. It 
>> should apply whatever credentials it has been given -- whatever those 
>> might be, username/password, certificate, fake addressa and phone number, 
>> whatever, and submit the form. Just like a user.
> 
> To do that, it would need to *capture* that information somewhere. I was 
> assuming the whole point in the exercise was to avoid having to pop up 
> an HTML based UI...

> PS: But even if it doesn't help authenticating without an HTML based UI, 
> this could be useful because it allows non-interactive clients to 
> understand that they're looking at a login form, not the "real thing".

Good points.
There are circumstances where the client is not prepared to handle
or parse HTML.
However if the client is a human user you want a nice login page
instead of the ugly basic authentication dialog.


   Philipp Kempgen

-- 
http://www.das-asterisk-buch.de  -  http://www.the-asterisk-book.com
Amooma GmbH - Bachstr. 126 - 56566 Neuwied  ->  http://www.amooma.de
Gesch?ftsf?hrer: Stefan Wintermeyer, Handelsregister: Neuwied B14998
-- 
Received on Tuesday, 25 November 2008 13:24:20 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:07 UTC