[security] MyOpenID
Josh Hoyt
josh at janrain.com
Wed Mar 21 20:25:37 UTC 2007
On 3/21/07, gaz_sec at hushmail.com <gaz_sec at hushmail.com> wrote:
> I don't know what the position is on disclosure so I thought I
> would just describe what is possible on the MyOpenID site and see
> if the problem has been encountered before.
Just for the record, we (JanRain) prefer to get contacted before a
potential vulnerability has been publicly discussed.
We're happy to work with anyone who has found a vulnerability in the
OpenID protocols, the JanRain OpenID libraries, or any of our
OpenID-using products.
Josh
More information about the security
mailing list