- From: Ian Hickson <ian@hixie.ch>
- Date: Wed, 26 Nov 2008 10:58:54 +0000 (UTC)
On Wed, 26 Nov 2008, Julian Reschke wrote:
>
> Ian Hickson wrote:
> > > A simple way to achieve it would be to restrict it to username/password
> > > pairs, and to have the names of these form parameters live in the response
> > > headers as well.
> >
> > We would have to, at a minimum, include the name of the username field, the
> > name of the password field, and the URL of the form to POST to. I am very
> > wary of duplicating information that is already available as it tends to
> > become out of date and thus ends up being even more of a pain than if the
> > information isn't there in the first place.
>
> I would expect that information to be autogenerated.

I would be very surprised if it was. If it turns out to be widely
autogenerated, then I'd be happy to add features to help with that.

> Anyway, if it's out of sync, authentication is not going to work, so it
> should be noticed quickly.

On the contrary, authentication is going to work fine for 99% of users and
it's only when a lone user tries using a bot that it'll break.

--
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 26 November 2008 02:58:54 UTC