[TYPO3-dev] Like to hear your opinion regarding security
David Bruchmann
typo3-dev at bruchmann-web.de
Tue Dec 1 22:01:24 CET 2009
----- Ursprüngliche Nachricht -----
Von: Sebastian Gebhard <sebastian.gebhard at gmail.com>
Gesendet: Dienstag, 1. Dezember 2009 21:30:33
An: typo3-dev at lists.typo3.org
CC:
Betreff: Re: [TYPO3-dev] Like to hear your opinion regarding security
> David Bruchmann schrieb:
>> Integrating the possibility to login with an openID you've to control
>> really everything in the system that no foreign Account is called with
>> this ID.
>> With a local account your more free even local accounts should be
>> privat too.
>
> You never get access to a "foreign" OpenID. When you access the backend
> login you can only click on your own username to log in. When you click
> a foreign username you'll be propted to provide the OpenID password by
> the respective OpenID provider.
Ok, then I misunderstood your plan.
>
> You can find out my OpenID Identifier if you do some research, because I
> produced a podcast about OpenID which shows my ID. But you'll never get
> the 23char long generated password for my OpenID account - so it's not a
> security risk for me, is it?
It's easier to find only a password than a combination of name and
password. Nevertheless a password with 23 chars is hard to hack / brutforce.
Best Regards
David
More information about the TYPO3-dev
mailing list