[mythtv] Simple MythWeb hack...help needed
Michael Tiller
michael.tiller at gmail.com
Fri Nov 16 01:00:40 UTC 2007
On Nov 15, 2007 6:58 PM, Bill Williamson <bill at bbqninja.com> wrote:
> > Hmmm...is that really true? My OpenID provider is VeriSign and I'm
> pretty
> > sure they only allow https for requests.
>
>
> Yes. The final step in OpenID (or most other SSO schemes) is a
> redirect back to your site with a token. If YOUR site is not SSL,
> then you are vulnerable to MITM attacks.
OK, I see your point now. I'll have to look into that as well then (not a
bad thing to implement anyway). I suppose I'll have to get a free
certificate which means those annoying popup dialogs warning me my site
isn't "secure". I suppose that is a small price to pay.
Back to the topic at hand...anybody have any suggestions on my next step
(either how to get Apache to do authorization or how to put some simple
authorization hack into MythWeb)?
--
Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mythtv.org/pipermail/mythtv-dev/attachments/20071115/cbecf153/attachment.htm
More information about the mythtv-dev
mailing list