[security] HTTP vs HTTPS based OpenIDs
Jacob Bellamy
toarms at gmail.com
Tue Dec 8 23:31:40 UTC 2009
It seems to be the case that there are some RPs that do not support HTTPS. I
have been testing them with my own locally hosted HTTPS OpenIDs as well as
ones available from protect networks, and have had no success on a few sites
with either.
In particular, I find sites that use the Mediawiki OpenID extension (such as
www.thinkwiki.org) do not, my own locally hosted wordpress site does not,
and a few other sites that I have encountered such as www.legaltorrents.com
do not. In each case the http OpenID works fine.
You are right Trevor that it might not be any problem with the libraries and
extensions themselves, but in my own experience trying to use HTTPS OpenIDs
with either of the wordpress or mediawiki extensions does not work out of
the box. There could be some additional tweaking or configuring required to
make it do so.
--
View this message in context: http://old.nabble.com/HTTP-vs-HTTPS-based-OpenIDs-tp26685482p26702763.html
Sent from the OpenID - Security mailing list archive at Nabble.com.
More information about the security
mailing list