[pLog-svn] r4415 - in plugins/branches/lifetype-1.1: . openid openid/class openid/class/action openid/class/view openid/locale openid/templates
Jon Daley
plogworld at jon.limedaley.com
Sun Dec 24 02:13:50 GMT 2006
On Sat, 23 Dec 2006, Jon Daley wrote:
> And then we could change the login screen to either simply redirect to
> the login admin.php page, or always fail, unless we were already logged
> in. And then that would remove all issues of logging in on a strange
> screen.
If our admin login accepted a redirect command once we were logged
in, we could use that to do openId return_to stuff as well. Hrm. I
suppose redirecting to external sites is a bad idea in general - people
could do cross-realm attack sorts of things, if they made a link to:
http://my.domain.com/admin.php?afterLoginRedirect=http://sneaky.domain.com/
Maybe there would have to be a special case for OpenID logins.
I think it is pretty how it is now - that people can do whichever option
they prefer.
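
The risk raised in the message above, a login page that redirects to whatever URL it is handed, is usually handled by validating the target before redirecting. The following is an added example, not part of the original post and not LifeType code: the function name, the `$trustedHosts` list (standing in for the OpenID special case) and the `/admin.php` fallback are assumptions.

```php
<?php
// Added example; all names here are hypothetical, not LifeType's API.

/**
 * Return $target if it is safe to redirect to after login, else $fallback.
 * $ownHost      host name this site is served from
 * $trustedHosts extra hosts explicitly allowed (empty by default)
 */
function safeAfterLoginRedirect(string $target, string $ownHost,
                                array $trustedHosts = [],
                                string $fallback = '/admin.php'): string
{
    // Backslashes, spaces and control characters are read differently by
    // browsers and by parse_url(), so refuse them outright.
    if ($target === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $target)) {
        return $fallback;
    }
    // Local path: exactly one leading slash. "//host/" is scheme-relative,
    // which a browser treats as an external site.
    if ($target[0] === '/') {
        return (strlen($target) > 1 && $target[1] === '/') ? $fallback : $target;
    }
    $parts = parse_url($target);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback;   // relative, malformed, or non-hierarchical URL
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return $fallback;
    }
    // Compare only the parsed host, never a prefix or substring of the URL.
    $host    = strtolower($parts['host']);
    $allowed = array_map('strtolower', array_merge([$ownHost], $trustedHosts));
    return in_array($host, $allowed, true) ? $target : $fallback;
}

// Constructed sample inputs; the first external URL is the one from the message.
$samples = [
    'http://sneaky.domain.com/',
    '//sneaky.domain.com/',
    '/admin.php?op=editPost',
    'http://my.domain.com/admin.php',
];
foreach ($samples as $s) {
    printf("%-32s => %s\n", $s, safeAfterLoginRedirect($s, 'my.domain.com'));
}
```

With these inputs the first two targets fall back to `/admin.php` and the last two are returned unchanged.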