summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorhttp://brian.may.myopenid.com/ <http://brian.may.myopenid.com/@web>2008-07-22 01:28:20 -0400
committerJoey Hess <joey@kitenet.net>2008-07-22 01:28:20 -0400
commit4515726bfebb4a4bec78daf2cdc986cc1cad3392 (patch)
treec9b72db4e3d055ed10dc82ba0f48169e1542a142 /doc
parent88ff7480e6b2f639aa62af53dbb9e63cc3632571 (diff)
response to response
Diffstat (limited to 'doc')
-rw-r--r--doc/bugs/ssl_certificates_not_checked_with_openid.mdwn13
1 files changed, 12 insertions, 1 deletions
diff --git a/doc/bugs/ssl_certificates_not_checked_with_openid.mdwn b/doc/bugs/ssl_certificates_not_checked_with_openid.mdwn
index 171874951..cb4c706f0 100644
--- a/doc/bugs/ssl_certificates_not_checked_with_openid.mdwn
+++ b/doc/bugs/ssl_certificates_not_checked_with_openid.mdwn
@@ -22,4 +22,15 @@ For now, I want to try and resolve the issues with net\_ssl\_test, and run more
> is good.
> --[[Joey]]
-[[!tag done]]
+>> Ok, so I guess the worst that could happen when ikiwiki talks to the http
+>> address is that it gets intercepted, and ikiwiki gets the wrong address.
+>> ikiwiki will then redirect the browser to the wrong address. An attacker could
+>> trick ikiwiki to redirect to their site which always validates the user
+>> and then redirects back to ikiwiki. The legitimate user may not even notice.
+>> That doesn't so seem secure to me...
+
+>> All the attacker needs is access to the network somewhere between ikiwiki
+>> and http://joey.kitenet.net/ or the ability to inject false DNS host names
+>> for use by ikiwiki and the rest is simple.
+
+>> -- Brian May