urosm
/
ikiwiki
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security issue with credentials page

master
http://christian.amsuess.com/chrysn 2011-01-28 21:08:13 +00:00 committed by Joey Hess
parent b1f82ab327
commit 37fc7b3dcd
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
doc/todo/credentials_page.mdwn
View File

@ -29,3 +29,5 @@ such a page could have a form as described in [[todo/structured page data]] and
>> and yes, you're right about the word misusage; thanks for pointing it out and fixing it.
>>
>> --[[chrysn]]
an issue to be considered: for ways of authentication that don't explicitly mention the user name (and that would be everything but password; especially OpenID), there has to be a way to prevent users from hijacking an admin's account. the user wouldn't get more privileges, but the admin could find himself logged in as a user instead of an admin when he logs in using his OpenID, for example. he could fix it by removing the openid from the user's ("his") page, but it has to be taken care of nevertheless. --[[chrysn]]