[OpenID] Association poisoning
Andrew Arnott
andrewarnott at gmail.com
Sun Mar 8 05:18:59 UTC 2009
If you write an OpenID relying party library or custom implementation, you
might want to review a post I just wrote on a potential security hole I've
never heard anyone else talk about:
http://blog.nerdbank.net/2009/03/openid-association-poisoning.html
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death
your right to say it." - Voltaire
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20090307/327018b8/attachment-0001.htm>
More information about the general
mailing list