[TYPO3-dev] Like to hear your opinion regarding security
Sebastian Gebhard
sebastian.gebhard at gmail.com
Tue Dec 1 21:30:33 CET 2009
David Bruchmann schrieb:
> Integrating the possibility to login with an openID
> you've to control really everything in the system that no foreign
> Account is called with this ID.
> With a local account your more free even local accounts should be privat
> too.
You never get access to a "foreign" OpenID. When you access the backend login you can only click on
your own username to log in. When you click a foreign username you'll be propted to provide the
OpenID password by the respective OpenID provider.
You can find out my OpenID Identifier if you do some research, because I produced a podcast about
OpenID which shows my ID. But you'll never get the 23char long generated password for my OpenID
account - so it's not a security risk for me, is it?
More information about the TYPO3-dev
mailing list