[whatwg] Solving the login/logout problem in HTML
Ian Hickson
ian at hixie.ch
Wed Nov 26 03:14:04 PST 2008
On Wed, 26 Nov 2008, Julian Reschke wrote:
> Ian Hickson wrote:
> > > Anyway, if it's out of sync, authentication is not going to work, so
> > > it should be noticed quickly.
> >
> > On the contrary, authentication is going to work fine for 99% of users
> > and it's only when a lone user tries using a bot that it'll break.
>
> Yes, that's what I meant: it will not work for the bot. We apparently
> disagree how frequently this is going to be used.
Yes.
On Wed, 26 Nov 2008, Julian Reschke wrote:
> >
> > Do you have a concrete example where the login form is complex in a
> > manner where the fields can't be identified and there is reason to
> > believe that a bot will want to authenticate but won't have been given
> > enough information to do so?
>
> Well, it was you stating that the form could be arbitrarily complex.
It can, yes. HTML allows arbitrarily complex forms, and we don't want to
limit login forms to just two fields and a button. (I regularly log in to
systems where the login forms are two text fields and a checkbox, or two
text fields and a drop down, or five or so text fields. But in none of
these cases would I personally expect a bot to ever have my credentials.)
> If it's just two text fields, one of which of type password, then no, it
> wouldn't be hard.
Ok.
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list