[thesite] My Intro and a look at a UEUE Proposal

Warden, Matt mwarden at mattwarden.com
Tue Oct 16 16:44:20 CDT 2001


On Oct 16, Martin had something to say about Re: [thesite] My Intro and a...

>Warden, Matt wrote on 15/10/01 4:53 pm
>
>>1. How to login at a central place and be recognized at all *.evolt.org
>>sites, not just the ones which can read cf session variables
>
>Couple of questions:
>1) Does this mean that if you visit my meo site I can read your
>ueue cookie info?

that's always been the case, martin. it is to this day.

but, this will be improved with ueue because it will be encrypted and
members' sites won't have the decryption key.

>2) If so, does it matter? I can see that I couldn't forge a ueue
>ticket from scratch, but if I can copy yours, does that give me
>access to your stuff?

I dunno what mark had in mind, but he talked about ueue server sending the
child keys to the servers, so i assumed that implied a rotation of keys
during some amount of time.

Again, this isn't a change. In theory, you can do this now. It will be at
least an improvement with ueue.

IOW, what I'm saying is we should go on with this and maybe spawn a few
others to tackle the larger problem, if we decide it's that big of a deal
to do so.

>3) What kind of period would we have for the expiry, and if it's
>a long one, would the membership object?

object=verb, here right?

i think we have a better chance of them objecting if the period (if i
understand you right, you're talking about the cookie and/or key) was
short. that would pretty much ruin the "remember me" feature.

good questions.


thanks,

--
mattwarden
mattwarden.com




