- From: Dave J Woolley <DJW@bts.co.uk>
- Date: Tue, 18 Jan 2000 11:42:24 -0000
- To: "'Sattara'" <starlenz@mindspring.com>
- Cc: "'www-html@w3.org'" <www-html@w3.org>
> From: Sattara [SMTP:starlenz@mindspring.com] > > I'm trying to embed the user authentication attribute of 'User Name' > and > 'Password' into an html form rather than have it open a separate box when > a > In that case you must do your own authentication, and also take your own steps to maintain the user indentity across subsequent accesses (e.g. cookies, if you don't mind losing the more privacy conscious users, or tokens inserted into all URLs, which means even static pages become uncacheable, even if you override the uncacheablility associated with authenticated pages). > functionality locally rather than client side is possible. As an example > I > recommed the Hotmail website where a user enters their name and password > on > the actual page and is thus fowarded to a restricted area. There are no > pop-up security boxes that ask for username and password. > This is a common example of people compromising the protocol in order to get cosmetic effects (one of the reasons why a purist approach to HTML/XHMTL is unlikely to be heeded by commercial users).
Received on Tuesday, 18 January 2000 06:46:14 UTC