[OpenID] Combining Google & Yahoo user experience research
SitG Admin
sysadmin at shadowsinthegarden.com
Tue Oct 21 15:58:13 UTC 2008
>RPs can, using no more than OpenID 2.0, perform OpenID discovery on
>http(s)://user@example.com/
I don't think '@' is an allowable character in domain names. Also, an
older version of Internet Explorer used to interpret that as a
pre-specified login name for authentication and would hold onto those
values (usually two, i.e. 'username:password@') waiting for a prompt,
but actually SEND the string AFTER the '@'. This was eventually
removed because it posed a security problem; phishers would use URLs
such as 'msn.com/account/login@badsite.com' and IE would simply
ignore everything preceding the '@'!
-Shade
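
Added example, not part of the original message: how the WHATWG URL parser (the one in Node.js and current browsers) splits the kinds of strings discussed above, with a check an RP could run to refuse identifiers that carry a userinfo part before doing discovery. The helper name `inspectIdentifier` and the sample list are assumptions made for illustration.

```javascript
// Added example. inspectIdentifier is a hypothetical helper, not an OpenID library API.
// It reports which host a standards-based parser would contact and refuses
// identifiers that carry a userinfo part ("user@" or "user:password@").
function inspectIdentifier(input) {
  let url;
  try {
    url = new URL(input); // WHATWG URL parser (global in Node.js and browsers)
  } catch (err) {
    return { accept: false, reason: 'unparseable' };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { accept: false, reason: 'scheme-not-http' };
  }
  const result = { host: url.hostname, userinfo: url.username, path: url.pathname };
  if (url.username !== '' || url.password !== '') {
    // Text before '@' is never the host. If it looks like a hostname, a reader
    // skimming the string may take it for the destination.
    const hostLike = /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i.test(url.username);
    return {
      ...result,
      accept: false,
      reason: hostLike ? 'userinfo-looks-like-host' : 'userinfo-present',
    };
  }
  return { ...result, accept: true, reason: 'ok' };
}

// Constructed sample inputs, built from the strings in the message above.
const SAMPLES = [
  'http://user@example.com/',
  'http://username:password@badsite.com/',
  'http://msn.com@badsite.com/',
  // The authority ends at the first '/', so this '@' is part of the path.
  'http://msn.com/account/login@badsite.com',
];
for (const s of SAMPLES) {
  console.log(s, '->', JSON.stringify(inspectIdentifier(s)));
}
```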