[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Demexp-dev] logins and account creation.
|
From: |
luna |
|
Subject: |
Re: [Demexp-dev] logins and account creation. |
|
Date: |
Sun, 8 Oct 2006 23:43:29 +0200 |
|
User-agent: |
Mutt/1.5.9i |
On Le Sunday 08 October 2006, à 18:57:59, David MENTRE wrote:
> Augustin <address@hidden> writes:
> > First, the reason why I stored the password in the $_SESSION[] variable
> > (refer
> > to earlier discussion), is precisely so that I wouldn't have to store the
> > password and reduce security risks. If it is stored, then the web admin
> > (me)
> > has indirectly access to them, which is what you wanted to avoid.
>
> Yes and this is an issue. :-(
>
> What do you suggest, that the user enters is demexp password and login
> each time he starts making votes through the Drupal interface?
>
> I don't like the approach from a usability point of view (even if the
> web browse can easily store them conveniently and in a secure way) but
> it could work for stage 1.
It depends how we think on demexp the voting machine and demexp the
web forum. But if we consider the Drupal interface as a distinct entity
than the demexp server, having the possibility for user to identify only
once could be related with some others call Single Sign On.
In a lot of case those problems are solved by some "identity federations
systems", we could have a look at the relevance of interfacing with such
systems.
Not sure this message will be very useful without any links but I do not
have the time just now to find the relevant pointers.
François.