On 6/4/07, Sam Willis <[EMAIL PROTECTED]> wrote:
>
> Eric,
>
> For each website you are a member of you need to verify that you are
> in fact the user that owns that account. If this process wasn't there
> then someone could impersonate another user. For digg and a few
> others the method to verify is currently to enter your username and
> password. The password is not stored, it is simply used once to do a
> dummy login to check that the details are correct.

I don't know how to put this politely, and I must reinforce that this
isn't intended as a personal attack, but...

I don't believe you. I have no way to validate your claim, and I have
no way to audit the path from my keyboard to your use of my login on a
third site.

Furthermore, I shouldn't be placed in a position where I have to
believe you. You may well have the best of intentions, but people
should _NEVER_ give their password to _ANYONE_ but the website that
the password is for. Encouraging someone to violate this fundamental
principle is socially irresponsible.

I'm sure you have what you think are legitimate reasons for doing what
you are doing. However, no reason trumps basic security practice. The
'net has enough problems dealing with problems born of social
engineering. Websites that claim to 'require' your password for
another site are part of the problem, not part of the solution.

_PLEASE_ reconsider what you are doing - If not for your users' sake,
for your own. Hearing about a site like yours is a black-hat hacker's
wet dream. Can you imagine a better target for an attack than a site
that collects the passwords of half a dozen other social networking
sites?

Yours,
Russ Magee %-)
