On 8/24/06, Timwi <timwi(a)gmx.net> wrote:
I was trying to address the security issues
that come from the user's ability to cause the server to perform any GET
request to any server. But now that I think about it more, I haven't
actually solved that issue at all: the necessity to retrieve the "token
file" would still grant the user that ability... so scratch it all :)
How is this solved in OpenID implementations?