23 Jul 21:53
Re: [OpenID] web server - outgoing connections?
From: Andrew Arnott <andrewarnott <at> gmail.com>
Subject: Re: [OpenID] web server - outgoing connections?
Newsgroups: gmane.comp.web.openid.general
Date: 2008-07-23 19:53:57 GMT
Subject: Re: [OpenID] web server - outgoing connections?
Newsgroups: gmane.comp.web.openid.general
Date: 2008-07-23 19:53:57 GMT
RPs are required to make outgoing HTTP connections, and should use a 'paranoid http library' to mitigate the issue you speak of.
On Wed, Jul 23, 2008 at 10:33 AM, Egon Kocjan <egon <at> krul.ath.cx> wrote:
Hello,
I am new to openid, so forgive me if this will sound obvious. Let's say
I have a web site and I want to support openid, so users of my site will
be able login using their openid url. The trouble I see here is that my
web server will have to connect to random IPs on the internet as a part
of authentication process*, am I right? Is there an authentication mode,
where client's browser does all the outgoing communication?
* why this is a problem:
- I don't want my web server to be used in ddos attacks
- companies that are serious about security usually deny unrestricted
outgoing connections from servers, so it's also a deployment issue
Thanks,
Egon
_______________________________________________
general mailing list
general <at> openid.net
http://openid.net/mailman/listinfo/general
_______________________________________________ general mailing list general <at> openid.net http://openid.net/mailman/listinfo/general
RSS Feed