[OpenID] Yahoo hijacking?
SitG Admin
sysadmin at shadowsinthegarden.com
Sat Apr 19 01:29:34 UTC 2008
>And where should we send the user? The openid.return_to value is not
>necessarily the referrer,
Quick question - what if the user is blocking the referer? Using a
privacy/anonymizing plugin, etcetera? At that point the
openid.return_to value is practically *guaranteed* not to match the
referer. Is the user losing any security by blocking the referer?
-Shade