[whatwg] Solving the login/logout problem in HTML
ian at hixie.ch
Tue Nov 25 13:10:56 PST 2008
On Tue, 25 Nov 2008, Julian Reschke wrote:
> > The problem is that you'd basically have to duplicate the entire form,
> > since login forms can be arbitrarily complex. If the bot has the
> > username and password, why not also give it the username field name,
> > password field name, and login script url? Just consider them part of
> > the credentials.
> That works in theory, but doesn't scale.
> For instance, we've been working on a search engine that scan internet
> sites that may require authentication. Configuring that login for each
> site would be a maintenance nightmare.
Well for a piece of software of that scale, parsing the document using an
off-the-shelf HTML parser and finding the first matching <form> element
and then applying normal HTML semantics to get to the form fields seems
like a pretty small task in comparison to the rest.
> So, on the other hand, if the login form is more complex than username +
> password, what is a bot supposed to do with it?
I don't understand why it makes a difference what the form is like. It
should apply whatever credentials it has been given -- whatever those
might be, username/password, certificate, fake addressa and phone number,
whatever, and submit the form. Just like a user.
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg