Refactoring the Debtags web interface
Brian May
brian at microcomaustralia.com.au
Mon Feb 23 23:58:45 UTC 2009
Peter Palfrader wrote:
> As openid provides no security whatsoever there's probably not a big
> chance of us (as in DSA) hopping onto the openid hype any time soon.
>
openid could be secure - e.g. by enforcing https everywhere, always
checking the remote certificate properly, never using passwords for
authentication, etc.

Unfortunately, none of these apply to the implementations I have seen
(although my openid provider does at least allow for x509 certificate
authentication instead of password-based authentication).

There was a good article at
<http://idcorner.org/2007/08/22/the-problems-with-openid/>,
unfortunately the domain appears to be off-line now, and the archive at
<http://web.archive.org/web/20080208023407/http://idcorner.org/2007/08/22/the-problems-with-openid/>
is difficult to read due to bad formatting.
--
Brian May <brian at microcomaustralia.com.au>