[OpenID] web server - outgoing connections?
Egon Kocjan
egon at krul.ath.cx
Wed Jul 23 17:33:49 UTC 2008
Hello,
I am new to openid, so forgive me if this will sound obvious. Let's say
I have a web site and I want to support openid, so users of my site will
be able login using their openid url. The trouble I see here is that my
web server will have to connect to random IPs on the internet as a part
of authentication process*, am I right? Is there an authentication mode,
where client's browser does all the outgoing communication?
* why this is a problem:
- I don't want my web server to be used in ddos attacks
- companies that are serious about security usually deny unrestricted
outgoing connections from servers, so it's also a deployment issue
Thanks,
Egon
More information about the general
mailing list