
Re: Idea for improving password security in the web

From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 4 Jul 2022 11:09:11 +0200 (CEST)

On Sat, 25 Jun 2022, Isaac Boukris via curl-library wrote:

> The idea is to add a new HTTP authentication scheme, where the browser will
> make sure the prompt to enter the password has a distinguish UI which cannot
> be faked with javascript or anything

I've been told many times that one of the primary reasons HTTP based auth
mechanisms have failed compared to POST + cookies, is this reason: that web
site designers prefer a system where they can design the credential prompt to
their liking and *not* rely on the stiff and ugly same-for-everyone
popup-window the browsers provide. (Another big reason being that the HTTP
auths don't have a proper "logout" action or expiry the easy way cookies do.)

-- 
  / daniel.haxx.se
Received on 2022-07-04