[Haskell-cafe] Haskellers.com profiles: advice requested
Carl Howells
chowells79 at gmail.com
Wed Oct 6 20:31:23 EDT 2010
> Complete side note: it's kind of funny that OpenID let's you specify
> some completely arbitrary string to appear in the resulting
> webpage[2].
Any server with that behavior is out of spec. Operating securely
requires checking the return_to value against the trust_root, and
checking that the return_to value is a valid url.
But wordpress being out of spec is what was observed to start this,
anyway. So what's the surprise?
Carl
More information about the Haskell-Cafe
mailing list