Closed (fixed)
Project:
OAuth 1.0
Version:
6.x-1.x-dev
Component:
Code
Priority:
Normal
Category:
Task
Assigned:
Unassigned
Reporter:
Created:
5 Aug 2008 at 10:37 UTC
Updated:
24 Sep 2008 at 12:40 UTC
Sumit,
im the new maintainer of Site Network module (the former "Drupal" module that do distributed authentication).
Despite the fact this module is widely used (even on drupal.org), its absolutely insecure. Not only because the password is typed on the client sites (so they can store your d.o password), the communication is not encrypted.
So im thinking about to implement a OAuth solution (or a OpenID-like) to address theses problems. However, i have not experience on any of these standards. So im asking you about you opinion.
regards,
massa
Comments
Comment #1
brmassa commentedI managed to do this as private module.