Buy commercial curl support from WolfSSL. We help you work
out your issues, debug your libcurl applications, use the API, port to new
platforms, add new features and more. With a team lead by the curl founder
himself.
Re: Idea for improving password security in the web
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Mon, 4 Jul 2022 11:09:11 +0200 (CEST)
On Sat, 25 Jun 2022, Isaac Boukris via curl-library wrote:
> The idea is to add a new HTTP authentication scheme, where the browser will
> make sure the prompt to enter the password has a distinguish UI which cannot
> be faked with javascript or anything
I've been told many times that one of the primary reasons HTTP based auth
mechnisms have failed compared to POST + cookies, is this reason: that web
site designers prefer a system where they can design the crendential prompt to
their liking and *not* rely on the stiff and ugly same-for-everyone
popup-window the browsers provide. (Another big reason being that the HTTP
auths don't have a proper "logout" action or expiry the easy way cookies do.)
Date: Mon, 4 Jul 2022 11:09:11 +0200 (CEST)
On Sat, 25 Jun 2022, Isaac Boukris via curl-library wrote:
> The idea is to add a new HTTP authentication scheme, where the browser will
> make sure the prompt to enter the password has a distinguish UI which cannot
> be faked with javascript or anything
I've been told many times that one of the primary reasons HTTP based auth
mechnisms have failed compared to POST + cookies, is this reason: that web
site designers prefer a system where they can design the crendential prompt to
their liking and *not* rely on the stiff and ugly same-for-everyone
popup-window the browsers provide. (Another big reason being that the HTTP
auths don't have a proper "logout" action or expiry the easy way cookies do.)
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html -- Unsubscribe: https://lists.haxx.se/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2022-07-04