[OpenID] web server - outgoing connections?

Andrew Arnott andrewarnott at gmail.com
Wed Jul 23 19:53:57 UTC 2008


RPs are required to make outgoing HTTP connections, and should use a
'paranoid http library' to mitigate the issue you speak of.

On Wed, Jul 23, 2008 at 10:33 AM, Egon Kocjan <egon at krul.ath.cx> wrote:

> Hello,
>
> I am new to OpenID, so forgive me if this sounds obvious. Let's say
> I have a web site and I want to support OpenID, so users of my site will
> be able to log in using their OpenID URL. The trouble I see here is that my
> web server will have to connect to random IPs on the internet as part
> of the authentication process*, am I right? Is there an authentication mode
> where the client's browser does all the outgoing communication?
>
> * why this is a problem:
> - I don't want my web server to be used in DDoS attacks
> - companies that are serious about security usually deny unrestricted
> outgoing connections from servers, so it's also a deployment issue
>
> Thanks,
> Egon
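As an added illustration of the 'paranoid http library' idea from the reply above (not code from this thread or from any OpenID library), the sketch below vets a user-supplied identifier URL before a relying party connects to it. The function names, the default-ports-only policy and the sample DNS table are assumptions made for the example.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}  # assumed policy: default ports only

class BlockedURL(ValueError):
    """The user-supplied identifier URL must not be fetched."""

def system_resolver(host, port):
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

# Constructed sample DNS data so the example runs offline.
SAMPLE_DNS = {
    "openid.example": ["93.184.216.34"],
    "intranet.example": ["10.0.0.5"],
    "mixed.example": ["93.184.216.34", "127.0.0.1"],
}

def sample_resolver(host, port):
    return SAMPLE_DNS.get(host, [host])  # IP literals resolve to themselves

def vet_identifier_url(url, resolver=system_resolver):
    """Return (host, port, addresses) that may be contacted, else raise BlockedURL."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        raise BlockedURL(f"malformed URL: {exc}") from exc
    if parts.scheme not in DEFAULT_PORTS:
        raise BlockedURL("scheme not allowed")
    if parts.username is not None or parts.password is not None:
        raise BlockedURL("embedded credentials")
    if not parts.hostname:
        raise BlockedURL("missing host")
    if port not in (None, DEFAULT_PORTS[parts.scheme]):
        raise BlockedURL("non-default port")
    port = DEFAULT_PORTS[parts.scheme]
    try:
        addresses = [ipaddress.ip_address(a) for a in resolver(parts.hostname, port)]
    except (OSError, ValueError) as exc:
        raise BlockedURL(f"resolution failed: {exc}") from exc
    # Every resolved address must be publicly routable, not just the first one.
    bad = [str(a) for a in addresses if not a.is_global]
    if bad or not addresses:
        raise BlockedURL(f"{parts.hostname} resolves to non-public addresses {bad}")
    return parts.hostname, port, [str(a) for a in addresses]
```

The caller should connect to one of the returned addresses rather than resolving the name again, and should run every redirect target through the same check. Short timeouts and a response-size cap on the fetch itself limit how much work a hostile identifier URL can make the server do.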

