(keitai-l) Re: Auto-Login for Vodafone Phones

From: Alex Shinn <foof_at_synthcode.com>
Date: 10/13/05
Message-ID: <8664s1eu4g.wl@lain.inunome.com>
At Thu, 13 Oct 2005 10:54:23 +0900 (JST), Curt Sampson wrote:
> 
> On Wed, 12 Oct 2005, Alex Shinn wrote:
> 
> > Another strategy some sites use is to let the user create a login page
> > with their ID information when they first signup/login, and then have
> > them bookmark that page or add it to their favorites
> 
> The "favourites" thing you're referring to is a "screen memo," I assume.
> (Though that's a bit tricky, if I recall correctly, for Docomo, they
> have 気に入り which are bookmarks, and メモ which are screen memos; Vodafone
> has ブックマーク which are bookmarks and 気に入り which are screen memos.)

Yes, I was referring to the Vodafone お気に入り, which generally
translates as "favorites."  I knew Docomo had the equivalent but
didn't realize they actually reverse the naming.

> The bookmark thing is not an option for us unless it leads to a page
> asking for a password, since I a) don't want users to be able to send
> links containing authentication credentials, and b) I don't want
> authentication credentials in the server access logs.

Well, for the logs it's easy enough to pipe them to something like:

  sed -e 's/pass=[^&"[:space:]]*/pass=****/g'

assuming the password field is called "pass."  Apache at least lets
you set such a pipe directly in the httpd.conf file.

As for being able to send links with authentication credentials, in
general it's impossible to prevent this without SSL, though explicitly
giving users a page to bookmark would make it easier for non-technical
users to do so.

-- 
Alex
Received on Thu Oct 13 10:47:22 2005
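
The log-masking pipe suggested in the message, written out as a filter script. This is an added example, not code from the original post; it generalizes the one-liner to several parameter names and to values that appear in the Referer field. The script name, install path and log path are hypothetical.

```shell
#!/bin/sh
# Log filter for Apache piped logging: masks the value of password
# parameters before the line reaches disk.
# Assumed httpd.conf line (both paths are hypothetical):
#   CustomLog "|/usr/local/bin/redact-log.sh /var/log/httpd/access_log" combined

# redact_params NAME...  - filter stdin to stdout, masking each NAME=value.
redact_params() {
    script=''
    for name in "$@"; do
        # Refuse names that contain regex metacharacters.
        case $name in
            ''|*[!A-Za-z0-9_]*)
                echo "bad parameter name: $name" >&2
                return 2 ;;
        esac
        # Match only a whole parameter name (after ?, & or ;), so that
        # "compass=north" is left alone. The value ends at &, ;, a double
        # quote or whitespace. [:space:] is used because \s is not a
        # whitespace class inside a bracket expression.
        script="${script}s/([?&;])${name}=[^&;\"[:space:]]*/\\1${name}=****/g;"
    done
    sed -E "$script"
}

# Act as a piped-log program only when given an output file.
if [ $# -ge 1 ]; then
    redact_params pass >> "$1"
fi
```

Masking at write time keeps the value out of the access log only; it does not affect what the handset stores in a bookmark or sends in a Referer header.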