[TYPO3-core] RFC #9683: Store OpenID information in database instead of using the filesystem
Oliver Hader
oliver at typo3.org
Sun Nov 29 16:33:30 CET 2009
Hi Dmitry,
Dmitry Dulepov schrieb:
> Hello!
>
> On 26/11/2009 11:37, Dmitry Dulepov wrote:
>> Problem:
>> OpenID requires a storage where to put intermediate OpenID data (such as
>> associations and nonces). Currently this is stored in the file system.
>> It has certain risks such as collisions and guessing of file names with
>> further secret retrieval by an attacker. Risks are small because OpenID
>> library generates ransom names but they exist.
>>
>> Solution:
>> Provide a database storage for the OpenID.
>
> Committed to trunk. Thanks to everybody who reviewed and tested this patch.
Thanks for taking care!
olly
--
Oliver Hader
TYPO3 Release Manager 4.3
More information about the TYPO3-team-core
mailing list