Re: New archives for testing

Magnus Hagander <magnus(at)hagander(dot)net> writes:
> On Sun, Dec 30, 2012 at 9:53 PM, Dave Page <dpage(at)pgadmin(dot)org> wrote:
>> I don't think it was originally intended as a prompt (it's the security
>> realm actually), but most browsers showed it anyway and it's been (ab)used
>> that way for years. FYI, the browser I saw not displaying it was Safari on
>> iOS, so most definitely not 'little used'.

> No, but not showing it makes it a pretty useless browser since it's
> supposed to tell the user which password to use when different
> sections on a site has different passwords.
> ...
> So the question is how much effort we want to put into it. If we make
> the 401 page itself contain the text, does that show up in safari
> after authentication has failed, or does it show some custom page?

At least on iOS 6, Safari doesn't seem to show any 401 page at all.
When you hit the "raw" link, you get an "Authentication required"
popup with just space for username and password. If you put in
a wrong value, the popup re-appears. There's not much you can
do except hit "Cancel". Not very helpful at all I'd say. (Now
admittedly, on a phone-size screen it's not clear that there's
room for much of a prompt, but still...)

Having just done the experiment, though, I'd have to say that the
usability of the archives is pretty darn low regardless of this.
Too many very small links too close together --- there's basically
no way to hit what you want accurately without zooming way in first.
(And that was on an iPad; don't even want to think about a phone.)
I can't see anybody really caring about either the mbox or raw links
in that context.

But on the third hand ... could we rig it to accept any old name and
password? The mere occurrence of a challenge ought to be enough to
discourage most bots.

regards, tom lane