[haiku-web] Re: Drupal-Trac Single Sign-On...

Nielx wrote:
> The current login method we use does this: it hijacks the login
> procedure. It connects to the drupal database, authenticates a user
> against that database, and then collects the user name and stores the
> email address in the session table. During subsequent calls, the email
> address is maintained and updated.

Ah.  Sounds like it is more secure with the shared login.  I thought it was
more convenience than anything.  Changes my view of things quite a bit.

> Just minor correction here: that the commenting was broken was not
> caused by the login system. It was a bug in a template that
> miraculously surfaced. I still don't know why.

I didn't wish to imply it was caused by the login.  However, changes had
been made that caused the problem to surface.

> I also agree that the inconvenience would not be for the 'user', since
> they would register anyway. The only real inconvenience would be for
> me (or us), when we have to manually generate accounts for all the
> currently registered users :-).
> 
> So I'm in favor for dropping the current link, even though it is still
> possible.

So what exactly would the effect be on security without it?

Curtis

-----------------------------------------------------------------------
haiku-web@xxxxxxxxxxxxx - Haiku Web & Developer Support Discussion List

Other related posts: