Security Considerations
- The user credentials are conveyed in the clear to the web site, unless steps such as employment of Transport Layer Security (TLS) are taken.
- The technique is essentially ad-hoc in that effectively none of the interactions between the user agent and the web server, other than HTTP and HTML themselves, are standardized. The actual authentication mechanism employed by the website is, by default, unknown to the user and the user agent. The form itself, including the number of editable fields, and desired content thereof, are entirely implementation- and deployment-dependent.
- This technique is inherently phishable, or vulnerable to criminals masquerading as a trusted party in the authentication process.
Read more about this topic: HTTP+HTML Form-based Authentication
Famous quotes containing the word security:
“The reins of government have been so long slackened, that I fear the people will not quietly submit to those restraints which are necessary for the peace and security of the community.”
—Abigail Adams (1744–1818)