demexp-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Demexp-dev] logins and account creation.


From: luna
Subject: Re: [Demexp-dev] logins and account creation.
Date: Sun, 8 Oct 2006 23:43:29 +0200
User-agent: Mutt/1.5.9i

On Le Sunday 08 October 2006, à 18:57:59, David MENTRE wrote:

> Augustin <address@hidden> writes:

> > First, the reason why I stored the password in the $_SESSION[] variable 
> > (refer 
> > to earlier discussion), is precisely so that I wouldn't have to store the 
> > password and reduce security risks. If it is stored, then the web admin 
> > (me) 
> > has indirectly access to them, which is what you wanted to avoid. 
> 
> Yes and this is an issue. :-(
> 
> What do you suggest, that the user enters is demexp password and login
> each time he starts making votes through the Drupal interface?
> 
> I don't like the approach from a usability point of view (even if the
> web browse can easily store them conveniently and in a secure way) but
> it could work for stage 1.

It depends how we think on demexp the voting machine and demexp the
web forum. But if we consider the Drupal interface as a distinct entity
than the demexp server, having the possibility for user to identify only 
once could be related with some others call Single Sign On. 

In a lot of case those problems are solved by some "identity federations
systems", we could have a look at the relevance of interfacing with such
systems.

Not sure this message will be very useful without any links but I do not
have the time just now to find the relevant pointers.

François.




reply via email to

[Prev in Thread] Current Thread [Next in Thread]