Feed Sign in with OpenID OpenID

Simon Willison’s Weblog

2 items tagged “accounts”

Designing for a security breach

User account breaches are inevitable. We should take that in to account when designing our applications. [... 545 words]

9:29 pm / 30th September 2007 / 9 / accounts, csrf, designingforabreach, openid, phishing, privacy, security, xss

hasAccount. Stuart proposes a light-weight API for letting any site know if a user has an account (and is signed in) on another service. I wouldn’t want to deploy this without being confident that my CSRF protection was in order. 3 28th September 2007, 9:10 am

Related: csrf, openid, designingforabreach, privacy, phishing

accounts on del.icio.us, Flickr, Technorati

Feed Feed for this tag

Search this site for "accounts"

A django site