Authentication and Form Submittal

michael shiplett <michael.shiplett@umich.edu>
Errors-To: listmaster@www0.cern.ch
Date: Fri, 25 Feb 1994 12:18:52 --100
Message-id: <199402221725.MAA07492@totalrecall.rs.itd.umich.edu>
Errors-To: listmaster@www0.cern.ch
Reply-To: michael.shiplett@umich.edu
Originator: www-talk@info.cern.ch
Sender: www-talk@www0.cern.ch
Precedence: bulk
From: michael shiplett <michael.shiplett@umich.edu>
To: Multiple recipients of list <www-talk@www0.cern.ch>
Subject: Authentication and Form Submittal
X-Listprocessor-Version: 6.0c -- ListProcessor by Anastasios Kotsikonas
Content-Length: 877
Hello,

  A project I'm working on needs a way to allow users to submit forms
in a secure fashion. The forms themselves may be widely distributed
and copied. The problem is when a user attempts to submit a form,
whence comes the authentication information required for the
submittal?

  The RIPEM & PEM/PGP authentication protocols for accessing restriced
files rightly place all of the information in the protocol. For form
submittal where the form would determine the authentication needed, it
seems sensible to place at least some information in the HTML source
itself, perhaps either in <HEAD> or <FORM>.

  Assuming the form uses a method of post, should the authentication
information be tied to the CGI program and *not* to the server itself?
It is, after all, the CGI program which is handling the processing of
the form.

  Has anyone worked on these issues?

michael