Carl Howells chowells at
Tue Jul 5 14:23:36 PDT 2005

Dan Connolly wrote:
> Also, the use of from _module_ import * makes it harder
> to follow references from one part of the code to another.
> Could I talk you out of that? Maybe with a patch?

You're right that it does make things more complicated to follow.  I'm 
currently reworking the code anyway, so I'll take a look at getting that 
cleaned up.

And for future reference, we'll happily consider all patches. :)

> I'm still not clear on what credentials I'm giving to the server.
> What stops J Random Black-hat from using my identity URL, once
> I've logged in and told the server about that consumer?
> I guess he won't have the right credentials in his cookies?
> I'll have to study the protocol docs some more...

That's the basic idea.  My stupid sample server looks only for a cookie 
with the user's login name in it.  Obviously that isn't a secure 
example, but it isn't too difficult to see how to make an example at 
least be much better.  Cookie-based credentials are likely to be the 
most common, but they certainly aren't the only option.  The server can 
use any mechanism I can think of right now in theory, though some might 
not be suitable in terms of UI.

Thanks again for your feedback.
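The message contrasts a sample server that trusts a cookie carrying the user's login name with the obvious improvement. The following added example (not code from the list, the sample server, or the project being discussed) shows both side by side: the name-in-cookie check as described, and a server-side session store that issues a random token, keeps only a hash of it, expires it, and lets the server refuse a cookie that merely contains someone else's login name. The `USERS` set, the cookie names `login` and `session`, and the clock injection are assumptions made for the example.

```python
import hashlib
import secrets
import time

# Constructed list of known login names; stands in for the server's user database.
USERS = {"alice", "bob"}


def insecure_lookup(cookies):
    """The weak scheme from the message: whatever login name the cookie
    carries is treated as the authenticated user. Anyone who knows the
    name can mint this cookie, so it proves nothing."""
    name = cookies.get("login")
    return name if name in USERS else None


def cookie_header(token):
    """Set-Cookie value for the session token: not readable from script,
    only sent over HTTPS, and not attached to cross-site requests."""
    return f"session={token}; HttpOnly; Secure; SameSite=Lax; Path=/"


class SessionStore:
    """Server-side sessions keyed by a hash of a random token.

    The browser holds only the token; the server holds sha256(token) ->
    (login, expiry), so a leaked copy of the store cannot be replayed
    as cookies, and a forged cookie has no matching entry."""

    def __init__(self, ttl_seconds=3600, now=time.time):
        self._sessions = {}
        self.ttl = ttl_seconds
        self._now = now  # injectable clock so expiry can be exercised in tests

    @staticmethod
    def _key(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, login):
        """Call after the user has actually authenticated (password, etc.).
        Returns the opaque token to place in the session cookie."""
        if login not in USERS:
            raise ValueError("unknown login")
        token = secrets.token_urlsafe(32)  # 256 bits of randomness
        self._sessions[self._key(token)] = (login, self._now() + self.ttl)
        return token

    def lookup(self, cookies):
        """Return the login bound to a valid, unexpired session cookie, else None."""
        token = cookies.get("session")
        if not token:
            return None
        entry = self._sessions.get(self._key(token))
        if entry is None:
            return None
        login, expires = entry
        if self._now() >= expires:
            del self._sessions[self._key(token)]  # drop stale session
            return None
        return login

    def revoke(self, token):
        """Logout: forget the session so the cookie stops working immediately."""
        self._sessions.pop(self._key(token), None)


if __name__ == "__main__":
    store = SessionStore()
    forged = {"login": "alice", "session": "alice"}
    print("insecure check accepts forged cookie:", insecure_lookup(forged))
    print("session store accepts forged cookie:", store.lookup(forged))
    tok = store.create("alice")
    print("session store accepts issued token:", store.lookup({"session": tok}))
    print(cookie_header(tok))
```

The store holds state per login, which is what gives the server something to compare against; the message's point that cookies are the common carrier but not the only option still applies, since `SessionStore.lookup` could just as well read the token from an Authorization header.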


