[TYPO3-dev] Like to hear your opinion regarding security

David Bruchmann typo3-dev at bruchmann-web.de
Tue Dec 1 21:02:39 CET 2009


----- Original Message -----
From:       Ries van Twisk <typo3 at rvt.dds.nl>
Sent:       Tuesday, December 1, 2009 14:46:29
To:         List for Core-/Extension development <typo3-dev at lists.typo3.org>
CC:
Subject:    Re: [TYPO3-dev] Like to hear your opinion regarding security
> 
> On Dec 1, 2009, at 8:41 AM, Steffen Kamper wrote:
> 
>> Hi,
>>
>> Sebastian Gebhard wrote:
>>> Hi *,
>>> I'm planning to write an extension that lists BE-Users with 
>>> OpenID-Identifiers on the Login-Screen (only suitable for sites with 
>>> less than 20 BE-Users).
>>> When you click on a username you get logged in via OpenID with this 
>>> user (if the OpenID belongs to you of course.)
>>> So basically the extension discloses Usernames and OpenID 
>>> Identifiers.  From my point of view these data are not a security 
>>> risk, what do you think?
>>> What do you think about a 1-click-login?
>>
>> I don't like to publish other users' OpenID, this belongs to private 
>> data I think.
>>
>> Regards, Steffen
> 
> 
> 
> Steffen,
> 
> if it's used in the context of an in-house (intranet) TYPO3 installation,
> I think it will only benefit.
> 
> Ries
> 

Sorry, it's absolutely taboo in my opinion.
OpenIDs are really what the name says: they open every account someone 
is registered with. When integrating the possibility to log in with an 
OpenID, you have to control really everything in the system so that no 
foreign account is called with this ID.
With a local account you're more free, even if local accounts should be 
private too.

Best Regards
David



