Mercurial > prosody-wiki
comparison mod_openid.wiki @ 6:f37413020065
Get rid of false wiki link for javascript.
| author | dbb.google@liqd.org |
|---|---|
| date | Sun, 13 Sep 2009 15:53:14 +0000 |
| parents | 64ea417e219d |
| children | 1e004e5ddc95 |
comparison
equal
deleted
inserted
replaced
| 5:64ea417e219d | 6:f37413020065 |
|---|---|
| 33 # Make sure OpenID key-value pairs get signed in the right order (<font color="red">_Hard_</font>) | 33 # Make sure OpenID key-value pairs get signed in the right order (<font color="red">_Hard_</font>) |
| 34 * It is important that the OpenID key-value responses be signed in the proper order so that the signature can be properly verified by the receiving party. This may be complicated by the fact that the iterative ordering of keys in a Lua table is not guaranteed for non-integer keys. | 34 * It is important that the OpenID key-value responses be signed in the proper order so that the signature can be properly verified by the receiving party. This may be complicated by the fact that the iterative ordering of keys in a Lua table is not guaranteed for non-integer keys. |
| 35 # Do an actual match on the OpenID realm (<font color="blue">_Medium_</font>) | 35 # Do an actual match on the OpenID realm (<font color="blue">_Medium_</font>) |
| 36 * The code currently always returns true for matches against an OpenID realm, posing a security risk. | 36 * The code currently always returns true for matches against an OpenID realm, posing a security risk. |
| 37 # Don't use plain text authentication over HTTP (<font color="red">_Hard_</font>) | 37 # Don't use plain text authentication over HTTP (<font color="red">_Hard_</font>) |
| 38 * This would require some JavaScript to perform a digest. | 38 * This would require some Javascript to perform a digest. |
| 39 # Return meaningful error responses (<font color="blue">_Medium_</font>) | 39 # Return meaningful error responses (<font color="blue">_Medium_</font>) |
| 40 * Most error responses are an HTTP 404 File Not Found, obviously something more meaningful could be returned. | 40 * Most error responses are an HTTP 404 File Not Found, obviously something more meaningful could be returned. |
| 41 # Enable Association (<font color="red">_Hard_</font>) | 41 # Enable Association (<font color="red">_Hard_</font>) |
| 42 * Association is a feature of the OpenID specification which reduces the number of round-trips needed to perform authentication. | 42 * Association is a feature of the OpenID specification which reduces the number of round-trips needed to perform authentication. |
| 43 # Support HTTPS (<font color="blue">_Medium_</font>) | 43 # Support HTTPS (<font color="blue">_Medium_</font>) |