Bugzilla:OpenID Auth Plugin: Difference between revisions

JanRain Perl library versus Brad's
(Can use OpenID SREG for email exchange)
(JanRain Perl library versus Brad's)
Line 29: Line 29:
* OpenID::Consumer library v0.11 (perl) fails taint check
* OpenID::Consumer library v0.11 (perl) fails taint check
** [http://lists.danga.com/pipermail/yadis/2005-June/thread.html#951 Taint safety discussion on OpenID dev list]
** [http://lists.danga.com/pipermail/yadis/2005-June/thread.html#951 Taint safety discussion on OpenID dev list]
** Take a look at the [http://www.openidenabled.com/openid/libraries/perl/ Perl library from JanRain], it is more current and will evolve to replace Brad's original library as Authentication 2.0 gels
* Cookie expiration
* Cookie expiration
** Current implementation is almost certainly wrong (indefinite length cookies).
** Current implementation is almost certainly wrong (indefinite length cookies).