[Solar-talk] Gmail and Curl authentication adapters
Travis Swicegood
development at domain51.com
Tue Oct 17 09:31:40 PDT 2006
Paul M Jones wrote:
> This brings up an interesting issue: the user has to enter his Gmail
> credentials on a non-Google site (the "vendor" site). That kind of
> thing would make me nervous as an end-user; how can I know the vendor
> is not caching the credentials? I'd almost prefer that Google
> implement something like OpenID, or TypeKey, or some other single
> sign-on system where the credentials are not passed through an
> intercessor.
>
Very true regarding being nervous. Of course, that's the beauty of open
source, you can take a look at the code and see what's happening there
to insure that nothing nefarious is going on.
If I was going to implement it - and I'm actually kicking around the
idea for a site that might use it - I would definitely have a "Why do we
need this?" link explaining why we're using (convenience, eases the
burden on the site because we don't have to maintain user records, etc.)
and how we're using it (connection to Gmail is encrypted, only your
email is stored, etc.). If this did become a common way to handle
logins, however, you can bet someone would abuse it. :-(
-Travis
More information about the solar-talk
mailing list