[sldev] OpenID & SSL certificates
Argent Stonecutter
secret.argent at gmail.com
Mon Oct 1 19:51:46 PDT 2007
I would just like to note that Dzonatas' comments and proposed
solution have nothing to do with my comment "The solution is to not
worry about that case" that he appears to be explaining here.
The recent URL vulnerability had little to do with the dangers of
using passwords. It was all about Windows' lack of an out-of-band
mechanism for separating components of a command line, and about the
implementation of the authentication from the server. There are
plenty of ways to use a secret to authenticate yourself that don't
involve passing a replayable secret over the network, encrypted or not.