Re: Suggestion for the validator from Terje Bless on 2001-06-20 (www-validator@w3.org from June 2001)

From: Terje Bless <link@tss.no>
Date: Wed, 20 Jun 2001 21:36:53 +0200
To: Kynn Bartlett <kynn@idyllmtn.com>
cc: Tom Kelleher <kelleher@tkelleher.com>, www-validator@w3.org
Message-ID: <20010620214238-b01010705-c1300d7e-0910-010c@192.168.1.6>

On 20.06.01 at 11:36, Kynn Bartlett <kynn@idyllmtn.com> wrote:

>At 11:24 AM 6/20/2001 , Terje Bless wrote:
>>>In our case, our site is entirely password protected -- so we can't just
>>>send the URL through your main interface.
>>The Validator will proxy the authentication to the client so it'll be
>>just as if you'd entered the URL directly into your browser.
>
>There are a number of security risks associated with this, of course,
>aren't there?

Yes, of course. The password travels in the clear, and you'd need to trust
us not to do something nasty with it. For most sites this is ok, but there
are of course many situations where this is not appropriate. The Validator
will tell you as much when it encounters a protected realm.

Received on Wednesday, 20 June 2001 15:42:40 UTC