Privacy Concern with Simple Registration Extension

Kay Lee kayflow at gmail.com
Wed Nov 29 08:13:00 UTC 2006


Hi members,

I'm testing the Simple Registration Extension in order to support it with
our OpenID provider.
Recently I found that in the response from the server, via the browser,
to the consumer (the normal 'id_res' mode response to a request with
registration fields required), the user's registration fields, such as
e-mail, nickname, ..., are transferred as plain HTTP GET parameters.
Uhm... and the return_to URL the consumer provided was not https. I think
there is a danger of exposing the user's fields. Must I check whether
the consumer's return_to URL is https?

http://openid.net/specs/openid-simple-registration-extension-1_0.html

Sincerely. Kay.
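
Added example, not part of the original message or of any OpenID library: one possible provider-side policy for the check asked about above, which attaches openid.sreg.* values to the id_res redirect only when the consumer's return_to is https. The function names, the sample profile and the withholding policy itself are assumptions for illustration; the specification linked above does not mandate it.

```python
from urllib.parse import urlsplit, urlunsplit, urlencode, parse_qsl

# Field names defined by Simple Registration Extension 1.0.
SREG_FIELDS = {"nickname", "email", "fullname", "dob", "gender",
               "postcode", "country", "language", "timezone"}

# Constructed sample profile (hypothetical user data).
SAMPLE_PROFILE = {"nickname": "kay", "email": "kay@example.org"}


def requested_sreg_fields(request):
    """Known SREG field names asked for via required/optional, in order."""
    names = []
    for key in ("openid.sreg.required", "openid.sreg.optional"):
        for name in request.get(key, "").split(","):
            name = name.strip()
            if name in SREG_FIELDS and name not in names:
                names.append(name)
    return names


def return_to_is_https(return_to):
    """True only for an https URL that actually names a host."""
    parts = urlsplit(return_to)
    return parts.scheme == "https" and bool(parts.hostname)


def build_id_res_redirect(request, profile):
    """Return (redirect_url, withheld_fields) for a positive assertion.

    Assumed policy: SREG values go into the GET redirect only when
    return_to is https; otherwise they are withheld and reported.
    Signature and the other id_res fields are omitted for brevity.
    """
    return_to = request["openid.return_to"]
    response = {"openid.mode": "id_res"}
    wanted = [f for f in requested_sreg_fields(request) if f in profile]
    withheld = []
    if return_to_is_https(return_to):
        for name in wanted:
            response["openid.sreg." + name] = profile[name]
    else:
        withheld = wanted  # would cross the network as cleartext GET parameters
    parts = urlsplit(return_to)
    query = parse_qsl(parts.query, keep_blank_values=True) + list(response.items())
    return urlunsplit(parts._replace(query=urlencode(query))), withheld
```

Even with an https return_to the values remain part of the URL, so they can still end up in the consumer's access logs and the browser history.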


