You hit it right on the head. No reason it can't be there already. I believe there's a bug open about it. Would probably be easier if the LoginForm logic and presentation were separated (which there is a recent bug open about). Just a matter of finding a dev willing to put the time into it.
-Chad
On Feb 13, 2009 6:28 PM, "Erik Moeller" erik@wikimedia.org wrote:
On any wiki where there's an operation restricted to logged in users, the error message "You must be logged in .." is shown with a link to the login form. Is there a reason (other than "not coded yet") why this login form isn't rendered directly onto the error page, skipping one step?
Thanks,
Erik
--
Erik Möller
Deputy Director, Wikimedia Foundation
Support Free Knowledge: http://wikimediafoundation.org/wiki/Donate
On 2/13/09 3:36 PM, Chad wrote:
On Feb 13, 2009 6:28 PM, "Erik Moeller" wrote: On any wiki where there's an operation restricted to logged in users, the error message "You must be logged in .." is shown with a link to the login form. Is there a reason (other than "not coded yet") why this login form isn't rendered directly onto the error page, skipping one step?
You hit it right on the head. No reason it can't be there already. I believe there's a bug open about it.
This idea has been kicked around for a while, but there's a potential snag -- one issue is that we want to be able to move the login form to SSL consistently so we're not sending passwords around unencrypted.
If we embed the form directly into error message output, then we have two possibilities:
1) We have a form on an _insecure_ page which _submits_ to a secure page.
This is an unsafe practice -- you don't know that the form is safe; even if you check the <form action> value it might actually be hacked to submit somewhere else by JavaScript if you've been hit by a MITM attack or sent to a malicious site via hacked DNS. Honestly this creeps me out when my bank does this. :)
Possibly however we don't care that much. :D
2) We could redirect to the same error page *on* the SSL server, so it's a secure form now, but possibly unexpectedly.
Redirecting might not be feasible for all cases (eg the result of a POST submission).
-- brion