I had one more thought after I attempted to post a comment. If a user decides to change which OpenID provider they use, currently this would not be possible on your site. I got a duplicate key error, because I'm assuming you use a natural key for the users table. Do you think it would be a good idea to allow users to update the OpenID attached to their account in the same way you might have previously permitted a user to update their email address?
Thanks for the tip. This should come in handy for all those passwords I never remember.
By the way, it was neat to see your article on foiling XSRF referenced in my database class this semester. It's always fun when I'm ahead of the curve.
If Amazon really considered it a "top priority" I would hope they could have addressed it within a year. I feel that this was a very generous time period. If it takes disclosure to motivate them to fix it, then at least it gets done. As Chris said, I'm sure he's not the only person who has figured this exploit out by now.
Sure, this might temporarily increase the level of vulnerability, but if it inspires Amazon to take documented vulnerabilities more seriously, I'd say it's worth it.
After reading up on the issue, it appears to be an IE 7 bug that can't really be fixed without using invalid CSS. If there is a way to fix it without setting "zoom: 100%", I can't seem to find it.
The new design looks wonderful! Easily one of the most visually appealing and accessible blogs I've seen. Just to let you know though, IE7 messes up the padding in your menu if you scale the text.
I'll check back to see how you fix it because it's a problem bothering me right now as well ;).
Last 10 Comments