security
Dick Hardt
dick at sxip.com
Mon Oct 23 16:36:32 UTC 2006
On 23-Oct-06, at 4:47 AM, James A. Donald wrote:
> Dick Hardt wrote:
> > Perhaps we can discuss this from another point of
> > view. Why should I need SSL on a blog I am writing a
> > comment on when all the data I provide the blog will
> > be published and public anyway? An attacker is not
> > going to see anything more on the HTTP connection than
> > they would on the blog?
>
> If he sees your users' login information, there is a
> problem.
Not if he is seeing the results. Obviously if the attacker sees the
user's username and password there is a problem.
The response in OpenID is one-time use and RP-specific.
-- Dick