Shared Code for Login Users and Management: Difference between revisions

From GO Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 1: Line 1:
=Discussion points=
=Discussion points=
==Risks==
===Accidental erasure===
(e.g. web crawlers finding the "erase all" link)
===Hacking===
platform targeting hackers
man in the middle after login not a worry


==Wants==
==Wants==
Line 29: Line 17:


===One-stop shopping===
===One-stop shopping===
==Risks==
Things that we're particularly worried about in an implementation.
===Accidental exposure===
This would cover things like web crawlers somehow finding an "erase all" link
===Hacking===
I think in general we're not super worried about security (for example, a man in the middle after login was something that got a lot of shrugs), but want the general bases covered. As we're not security experts, reusing a tested stack by somebody else would be nice.


=Packages considered=
=Packages considered=

Revision as of 20:11, 12 July 2011

Discussion points

Wants

role-based users

Reusable user identities

If somebody did implement their own backend server, they'd be able to use it Rely on either a third-party or local identity authority For example, people could either use a server provided by or, in the case of a local app,

Simple management

Simple implementation (many languages)

One-stop shopping

Risks

Things that we're particularly worried about in an implementation.

Accidental exposure

This would cover things like web crawlers somehow finding an "erase all" link

Hacking

I think in general we're not super worried about security (for example, a man in the middle after login was something that got a lot of shrugs), but want the general bases covered. As we're not security experts, reusing a tested stack by somebody else would be nice.

Packages considered

Login/Authentication Roles/Auth Notes
OpenID OAuth Unsure how to tie together and handle management
Drupal Seems heavy when all we would want is the user code

Comsumers

  • GOLD database administration
  • TermGenie