I can say at least for our internal OP we're using HTTPS throughout,
but definitely have noticed in my exploits across the web that it
varies a lot between RPs.
Anything that can be done to drive toward being more secure is a good
thing (and I suspect is ultimately a better user experience anyway).
-Jonathan
On Dec 8, 2009, at 6:45 PM, Trevor Johns wrote:
On Tue, 8 Dec 2009 15:31:40 -0800 (PST), Jacob Bellamy <[email protected]
>
wrote:
You are right Trevor that it might not be any problem with the
libraries
and
extensions themselves, but in my own experience trying to use HTTPS
OpenIDs
with either of the wordpress or mediawiki extensions does not work
out of
the box. There could be some additional tweaking or configuring
required
to
make it do so.
A common problem is that PHP isn't compiled with SSL support.
Other times it's compiled as an extension that needs to be explicitly
enabled in your php.ini.
Try running examples/detect.php in the php-openid library and see if
it
works. (http://openidenabled.com/php-openid/) I know for a fact that
library supports HTTPS, and that's what the MediaWiki plugin relies
on.
--
Trevor Johns
http://tjohns.net
_______________________________________________
security mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-security
_______________________________________________
security mailing list
[email protected]
http://lists.openid.net/mailman/listinfo/openid-security
