Re: Accessibility of Pages Requiring Sign-In

I prefer HTTP Basic Authentication. One of its useful features is that as  
a standard HTTP response it is easy to build systems that rely on graphic  
passwods for people who find text too hard to deal with, or some other  
system running on the client and adapted to the user's needs. Cookie-based  
authentication is a little harder to mess around with. Many browsers now  
do try to recognise it and deal with it as if it were HTTP Authentication.  
The benefit of being able to logout is handy, although the requirement to  
have cookies is annoying (because one of the systems I use doesn't...)

just my 2 cents australian...

cheers

Chaals

On Tue, 27 Jul 2004 10:56:44 +0930, Matthew Smith <matt@kbc.net.au> wrote:

> I would be interested to hear peoples thoughts on the following two  
> methods of protecting pages:
>
> 1) HTTP Basic Authentication
> For me, this is the easiest type to use when coding an application -  
> Apache (the web server software) looks after everything for me.
>
> With graphical user agents, the sign-in appears as a pop-up.  Does this  
> not cause a problem with screen readers working with Mozilla/IE/etc. ?
>
> The only other flaw that this has, in my mind, is a security one rather  
> than one of accessiblity; as the user agent tends to cache the  
> authentication information, there is no real way to "log out" without  
> closing the user agent.
>
> 2) Cookie Authentication
> This would appear quite friendly from a user perspective, but what if  
> the user agent does not support cookies?
>
> It appears to me that neither solution is totally accessible, so what  
> should one do?


-- 
Charles McCathieNevile     charles@sidar.org
Fundación Sidar             http://www.sidar.org

Received on Monday, 26 July 2004 21:42:03 UTC