Re: OpenID

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu May 29 2008, Mike McGrath wrote:
> Hey guys, so the last little bits are in good shape for the OpenID
> provider we're attempting to be.  Don't go announcing this to others yet.
> Lets test it out, if it breaks something let us know.  We'll be announcing
> it officially soon.  You can, for example, log in to livejournal.com with:

The login to livejournal worked for me, too. But after I have seen how it 
works, I think it is too insecure to use the FAS password for authentication. 
This makes it pretty easy for any openid user to get the FAS password, 
because instead of really forwarding someone to the FAS homepage, one could 
just present the FAS login form to get the password. Here is an interesting 
blog article about security considerations wrt. openid:
http://idcorner.org/2007/08/22/the-problems-with-openid/

Regards,
Till

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list

[Index of Archives]     [Fedora Development]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux