Community

The community grew out of a desire to give readers some extra features as a thank you for their contributions. Join us to syndicate your own blog on the front page, display your comment history and blog posts via your profile, and reserve your name.

Latest Comments

1. Muttley said:

Thanks for this, Shiffers. I've been working on a similar thing, using a similar method, so it's nice to know that I'm using the right trail. I hadn't considered the protocols for the links, so that could save me a few brown points.

Bonsoir.

Posted In Allowing HTML and Preventing XSS.

Sat, 10 May 2008 at 07:52:50 GMT


2. hossein said:

Hi!

May you give me an example of how to use mcrypt_encrypt() in order to save a password in a database?

There is nothing in your blog about encryption ...

Thanks

Posted In OpenID with myVidoop.

Fri, 09 May 2008 at 13:05:11 GMT


3. Chris Shiflett said:

Hi John,

I agree with you. I think the optimal solution for this site is for me to let people have as many OpenIDs as they want and authenticate using any of them.

I hope to find the time to improve a few things, and OpenID integration is near the top of the list.

Delegation is also a good option, so you don't have to change OpenIDs whenever you change providers. For example, I use shiflett.org as my OpenID everywhere, and this didn't change when I switched to myVidoop.

Posted In OpenID with myVidoop.

Fri, 09 May 2008 at 01:16:57 GMT


4. John Layman said:

I had one more thought after I attempted to post a comment. If a user decides to change which OpenID provider they use, currently this would not be possible on your site. I got a duplicate key error, because I'm assuming you use a natural key for the users table. Do you think it would be a good idea to allow users to update the OpenID attached to their account in the same way you might have previously permitted a user to update their email address?

Posted In OpenID with myVidoop.

Fri, 09 May 2008 at 00:55:07 GMT


5. John Layman said:

Thanks for the tip. This should come in handy for all those passwords I never remember.

By the way, it was neat to see your article on foiling XSRF referenced in my database class this semester. It's always fun when I'm ahead of the curve.

Posted In OpenID with myVidoop.

Thu, 08 May 2008 at 05:14:26 GMT


6. Richard Edwards said:

*relying

Posted In Security Corner: Session Hijacking.

Thu, 08 May 2008 at 03:54:41 GMT


7. Jon Tan said:

Thanks for posting this, Chris. The only thing stopping a typophile like me using it is the lack of a Safari plugin (hint, hint, guys). :)

Posted In OpenID with myVidoop.

Wed, 07 May 2008 at 23:02:35 GMT


8. leveille said:

Thanks for sharing Chris. I've been using the service now since you originally posted. I really like the model they have set up. Very smooth.

Posted In OpenID with myVidoop.

Wed, 07 May 2008 at 13:15:58 GMT


9. Sam Wilson said:

Anyone want to comment on the explanations and code about session fixation in the PHP wikibook? It could certainly do with some help I think...

http://en.wikibooks.org/wiki/Programming:PHP/sessions

Thanks!

Posted In Security Corner: Session Fixation.

Wed, 07 May 2008 at 06:26:36 GMT


10. Chris Shiflett said:

Thanks for the additional information, Kevin and Koes. :-)

One nice combination I failed to mention is that you can activate a browser temporarily per Koes's instructions, and you can then have access to all of your saved passwords. (This requires a specific choice to save your passwords with myVidoop instead of locally.) I can see this coming in handy if I need to do something on a friend's computer at some point, because I can never remember my passwords.

Posted In OpenID with myVidoop.

Tue, 06 May 2008 at 18:55:05 GMT