- From: Elliotte Harold <elharo@metalab.unc.edu>
- Date: Sat, 11 Oct 2008 07:16:02 -0700
- To: noah_mendelsohn@us.ibm.com
- Cc: John Kemp <john.kemp@nokia.com>, Jonathan Rees <jar@creativecommons.org>, ext David Orchard <orchard@pacificspirit.com>, "Ray Denenberg, Library of Congress" <rden@loc.gov>, www-tag@w3.org
noah_mendelsohn@us.ibm.com wrote: > I think I agree with Dave Orchard here. MUST NOT is pretty strong. Let's > say I put up a Web site for my family, an example I've used before. I > want some barriers to casual access by others, but I really don't care > that much whether anyone breaks in to see the photos of my kids' birthday > party. In fact, many parents care a *great* deal that random strangers not be allowed to see photos of their kids. They are shocked and appalled when they discover that happening. I think we would be doing them a real disservice if we indicate that it's OK to post family information wiht passwords in the clear. If you really don't care about casual access by others, you only send the URL to friends and you don't link to or publish it. Maybe you set up robots.txt to indicate noindex. But that is not the use case for password protection. I think we need to recognize that anyone who establishes usernames and passwords for a page has a reasonable desire to only allow authorized users to enter. How much they care when unauthorized users break in is irrelevant. The vast majority of sites care a great deal about this, though some more than others. The point of a password is to prevent unauthorized access, and a use case that starts with the assumption that unauthorized access is unimportant contradicts the whole reason for having a password in the first place. What's really being argued here is that sometimes people put passwords on pages that don't really need them. True enough, but this is not something we need to consider in the finding. Do we really want to say, "Send passwords in the clear only when you don't need passwords at all?" -- Elliotte Rusty Harold elharo@metalab.unc.edu Refactoring HTML Just Published! http://www.amazon.com/exec/obidos/ISBN=0321503635/ref=nosim/cafeaulaitA
Received on Saturday, 11 October 2008 14:16:38 UTC