I agree with all that Mx. Nicholson said. Also, to examplify the situation that Mx. Nicholson experienced, I must say that we must distinguish betweeen what *can* be done in order to attempt to use the service, and what ther service provider *offers* you (in a visible way) in order to accomplish the same thing. This later one depends on the server-side software implementation and depends on how the *client-side* software (JS) is customized.
I also have to note that, although I'm *not* a web development and security expert, and disregarding the possible limitations of the service being provided in most sites that require authentication: I see that there is the possibility of (why not?) copying the way GNU Mailman uses to authenticate users (this doesn't require JS); using some PHP-only authentication; or using a combination of HTTP Basic Access Authentication (HTTP BAA, or HTTP BA) + HTTPS (this one is needed because HTTP BAA puts important fields in the HTTP header). The HTTP BAA (no HTTPS) is commonly used by modems and routers. A difference between what the service provider *offers* to you to what you currently *can* do can be seen in attempts of various people to circunvent the JS requirements in some sites. Recently, I found an ugly way to use some parts of Unimestre, a student information system made by a Brazilian organization that goes by the same name. The ugly hack is currently written in GNU Bash script, but I want to turn it into a GreaseMonkey script (although I still have to learn how to do it). As I'm not a developer, and I barely have the time to focus on contributing to free software directly, it took me around one year just to find out that most of the things Unimestre does are related to forms with JS actions, with hidden input fields, no submit buttons, and forced form submission through JS. This could be done, instead, with forms without JS actions, still using hidden input fields, and with CSS styling to make the submit button look like a link (or no CSS styling at all for simplicity sake). I see the current situation of Unimestre as undesirable, it did, and still is, giv(e/ing) me headaches to do the most basic things. The point is, Unimestre could have made the thing I'm struggling to do now, right from the beginning and by default, instead of relying on JS for openning links, submitting forms, downlaoding files, displaying images. _______________________________________________ libreplanet-discuss mailing list libreplanet-discuss@libreplanet.org https://lists.libreplanet.org/mailman/listinfo/libreplanet-discuss