[TYPO3-dev] Like to hear your opinion regarding security
Peter Russ
peter.russ at 4many.net
Tue Dec 1 21:41:49 CET 2009
--- Original Nachricht ---
Absender: Sebastian Gebhard
Datum: 01.12.2009 21:30:
> David Bruchmann schrieb:
>> Integrating the possibility to login with an openID you've to control
>> really everything in the system that no foreign Account is called with
>> this ID.
>> With a local account your more free even local accounts should be
>> privat too.
>
> You never get access to a "foreign" OpenID. When you access the backend
> login you can only click on your own username to log in. When you click
> a foreign username you'll be propted to provide the OpenID password by
> the respective OpenID provider.
>
> You can find out my OpenID Identifier if you do some research, because I
> produced a podcast about OpenID which shows my ID. But you'll never get
> the 23char long generated password for my OpenID account - so it's not a
> security risk for me, is it?
By the way: what's the ID of your identity card?
Ok I don't have your fingerprint.
But some sites don't care about that ;-)
If a user can enable your planed feature and if it is disabled by
default it should be ok.
Peter.
--
loans that change lives http://www.kiva.org
_____________________________
uon GbR
http://www.uon.li
http://www.xing.com/profile/Peter_Russ
More information about the TYPO3-dev
mailing list