OSNews > Thread > "RE[2]: And?" by jdrake

Linked by Eugenia Loli-Queru on Fri 17th Aug 2007 02:22 UTC, submitted by randommsdev

Microsoft has announced the release of Windows Live ID Web Authentication. This means that WLID (formerly known as Passport) is now opened to third party websites to use as their authentication system. Any Windows Live user can potentially log in to a website that implements Web Authentication. Interestingly sample implementations are available in the Ruby, Python, Perl, and PHP open source languages amongst others -- tested on openSUSE 10.2 but expected to work on any platform that supports these languages. More details are available in the SDK documentation.

0 52 Comment(s)

http://osne.ws/e95

Thread beginning with comment 264059
To view parent comment, click here.
To read all comments associated with this story, please click here.

RE[2]: And?

by jdrake on Fri 17th Aug 2007 03:18 UTC in reply to "RE: And?"

Member since:
2005-07-07

It is a terrible idea to store a password. Much better to store only a representation, such as an MD5 or SHA1 of the password.

Reply Parent Bookmark Score: 1

RE[3]: And?

by WiggetyWhack on Sat 18th Aug 2007 15:43 in reply to "RE[2]: And?"

Member since:
2007-06-30

Actually, I prefer encrypting data solely owned by the owner, with the owners password.

Reply Parent Bookmark Score: 1

RE[4]: And?

by stestagg on Sat 18th Aug 2007 17:40 in reply to "RE[3]: And?"

Member since:
2006-06-03

It depends on the data. Often the website system has to be aware of the content of the users data (when they aren't logged in) in order to work.

Reply Parent Bookmark Score: 2

RE[3]: And?

by stestagg on Sat 18th Aug 2007 17:42 in reply to "RE[2]: And?"

Member since:
2006-06-03

Actually, you're about 3 years out of date. SHA1 and MD5 passwords can be guessed using Rainbow codes. You should encrypt a password hash, or use some other, private obfuscation method to prevent rainbow cracking.

Reply Parent Bookmark Score: 2