[TYPO3-core] RFC #9683: Store OpenID information in database instead of using the filesystem
Dmitry Dulepov
dmitry.dulepov at gmail.com
Sun Nov 29 16:19:03 CET 2009
Hello!
On 26/11/2009 11:37, Dmitry Dulepov wrote:
> Problem:
> OpenID requires a storage where to put intermediate OpenID data (such as
> associations and nonces). Currently this is stored in the file system.
> It has certain risks such as collisions and guessing of file names with
> further secret retrieval by an attacker. Risks are small because OpenID
> library generates ransom names but they exist.
>
> Solution:
> Provide a database storage for the OpenID.
Committed to trunk. Thanks to everybody who reviewed and tested this patch.
--
Dmitry Dulepov
"Trust me, I am a doctor!" (c) Gregory House, M.D.
More information about the TYPO3-team-core
mailing list