- From: Manfred Baedke <manfred.baedke@greenbytes.de>
- Date: Mon, 03 Jul 2006 16:42:21 +0200
- To: Michael Wechner <michael.wechner@wyona.com>
- CC: Julian Reschke <julian.reschke@gmx.de>, w3c-dist-auth@w3.org
Hi Michael, what's really bad about programmatic clients and form based authentication is the fact that the form comes with status code 200, telling the client that everything is fine, and there is really no realiable way for the client to tell wether the response body is the intended content or a login form. Form based authentication, as it is widely used nowadays, is broken by design. Don't use it. Regards, Manfred
Received on Monday, 3 July 2006 15:05:54 UTC