Security Considerations
- The user credentials are conveyed in the clear to the web site, unless steps such as employment of Transport Layer Security (TLS) are taken.
- The technique is essentially ad-hoc in that effectively none of the interactions between the user agent and the web server, other than HTTP and HTML themselves, are standardized. The actual authentication mechanism employed by the website is, by default, unknown to the user and the user agent. The form itself, including the number of editable fields, and desired content thereof, are entirely implementation- and deployment-dependent.
- This technique is inherently phishable, or vulnerable to criminals masquerading as a trusted party in the authentication process.
Read more about this topic: HTTP+HTML Form-based Authentication
Famous quotes containing the word security:
“There is something that Governments care for far more than human life, and that is the security of property, and so it is through property that we shall strike the enemy.... Be militant each in your own way.... I incite this meeting to rebellion.”
—Emmeline Pankhurst (1858–1928)