[TYPO3-core] RFC: Feature #10585: Enable BE-User to change their OpenID
Steffen Gebert
steffen at steffen-gebert.de
Mon Mar 2 21:36:36 CET 2009
Dmitry Dulepov wrote:
> Initial idea was that only administrator can allow logging in with OpenID.
> It is to tighten the security.
Okay - but what is more secure:
* get the OpenID from the user via E-Mail
* let the authenticated user set his OpenID
;)
Or - what's the difference between a password and an OpenID?
It's also possible to change the password without entering current one - so
for me setup is insecure by design :)
Should we have a new config option (user/user-group based) to enable/disable
user to change OpenID?
I'm open for any suggestions (esp. about extensibility of setup).
Should we move to dev-list?
Steffen
More information about the TYPO3-team-core
mailing list