"Norman Rasmussen" <[EMAIL PROTECTED]> writes:

> I've been playing with OpenID and using the XEP-0070 example as a
> source for logic. It was very irritating to have a unique resource
> all the time because Psi loads each one in a new window.

Did you try the new XEP-0070 support from SVN?

> While thinking about what the resource can be set to I noticed a
> security flaw:
>
> - If an attacker can guess what the resource is going to be, then you
> have a problem.

Is that a problem? If so, the same should apply to a component sending authorization requests. As I understand it, XEP-0070 is based on the assumption that an XMPP address cannot be forged. As long as that holds, I think there should be no problem.

--
Magnus
JID: [EMAIL PROTECTED]
