At Thu, 13 Oct 2005 10:54:23 +0900 (JST), Curt Sampson wrote:
>
> On Wed, 12 Oct 2005, Alex Shinn wrote:
>
> > Another strategy some sites use is to let the user create a login page
> > with their ID information when they first signup/login, and then have
> > them bookmark that page or add it to their favorites
>
> The "favourites" thing you're referring to is a "screen memo," I assume.
> (Though that's a bit tricky, if I recall correctly, for Docomo, they
> have 気に入り which are bookmarks, and メモ which are screen memos; Vodafone
> has ブックマーク which are bookmarks and 気に入り which are screen memos.)
Yes, I was referring to the Vodafone お気に入り, which generally
translates as "favorites." I knew Docomo had the equivalent but
didn't realize they actually reverse the naming.
> The bookmark thing is not an option for us unless it leads to a page
> asking for a password, since I a) don't want users to be able to send
> links containing authentication credentials, and b) I don't want
> authentication credentials in the server access logs.
Well, for the logs it's easy enough to pipe them to something like:
sed -e 's/pass=[^&"\s]*/pass=****/g'
assuming the password field is called "pass." Apache at least lets
you set such a pipe directly in the httpd.conf file.
As for being able to send links with authentication credentials, in
general it's impossible to prevent this without SSL, though explicitly
giving users a page to bookmark would make it easier for non-technical
users to do so.
--
Alex
Received on Thu Oct 13 10:47:22 2005