master
Joey Hess 2015-05-14 11:02:57 -04:00
parent 85a529db3d
commit 2a64eea0f5
1 changed files with 10 additions and 9 deletions

View File

@ -35,6 +35,13 @@ Here is a sketch of a different account model that would address that:
users with / in their names, which would make their user-page into a users with / in their names, which would make their user-page into a
subpage? subpage?
> I have fixed passwordauth to not let urls be registered. It seems this
> was not quite a security hole; it didn't let registering a username that
> already existed, so if an openid was an admin, as long as the user logged
> in using that openid, someone else couldn't come along and passwordauth
> collide with it. (Might be exploitable if you could guess an openid that
> was going to be added as an admin later though.) --[[Joey]]
* If passwordauth is enabled, accounts may have a password. Users can * If passwordauth is enabled, accounts may have a password. Users can
authenticate to an account that has a password by entering that password. authenticate to an account that has a password by entering that password.
The username is always the account name (because there's little reason The username is always the account name (because there's little reason
@ -95,12 +102,6 @@ Thoughts?
> >
> Also, when you talk about "separating authentication from authorization", i immediately thought of [[todo/ACL/]] and [[todo/Zoned_ikiwiki/]], so i thought i could mention those... having stability in the usernames would help in the design of those... --[[anarcat]] > Also, when you talk about "separating authentication from authorization", i immediately thought of [[todo/ACL/]] and [[todo/Zoned_ikiwiki/]], so i thought i could mention those... having stability in the usernames would help in the design of those... --[[anarcat]]
> I'm not against this, but I don't anticipate having resources to do any > I'm not opposed to this, but I don't anticipate having resources to do any
> work on it either. --[[Joey]] > work on it either. (I do hope to obscure email addresses from git
> commits.) --[[Joey]]
> I have fixed passwordauth to not let urls be registered. It seems this
> was not quite a security hole; it didn't let registering a name that
> already existed, so if an openid was an admin, as long as the user logged
> in using that openid, someone else couldn't come along and passwordauth
> collide with it. (Might be exploitable if you could guess an openid that
> was going to be added as an admin though.) --[[Joey]]