[TYPO3-core] RFC: Feature #10585: Enable BE-User to change their OpenID

Steffen Gebert steffen at steffen-gebert.de
Mon Mar 2 21:36:36 CET 2009


Dmitry Dulepov wrote:
> Initial idea was that only administrator can allow logging in with OpenID.
> It is to tighten the security.

Okay - but what is more secure:
* get the OpenID from the user via E-Mail
* let the authenticated user set his OpenID
;)

Or - what's the difference between a password and an OpenID?
It's also possible to change the password without entering current one - so 
for me setup is insecure by design :)

Should we have a new config option (user/user-group based) to enable/disable 
user to change OpenID? 

I'm open for any suggestions (esp. about extensibility of setup).
Should we move to dev-list?

Steffen 



More information about the TYPO3-team-core mailing list