The main problem with the plain vanilla out-of-the-box deployment is that it uses plain text security tokens, which aren't really 'secure'; so people could hand craft their own and spoof their identity that way.
If however you're using Partuza, it does do encrypted security tokens, so if you set 'allow_plaintext_tokens' (shindig/php/config/container.php) to false, you're all good.

On Tue, Jul 28, 2009 at 9:05 AM, rgravina <[email protected]> wrote:

> On Jun 24, 6:40 pm, Chris Chabot <[email protected]> wrote:
> > Hey Robert,
> >
> > As the guy who said that, I guess I'm the right person to clarify :)
>
> Thanks for the detailed clarification! Phew, it's a lot to take in.
>
> I've actually now managed to get my gadgets working, without doing
> any of that. They are just fairly simple RSS readers etc. at the
> moment. They don't use any social data (yet).
>
> Are there any obvious problems (e.g. security) with deploying a
> shindig that has no customisation (quite literally, I haven't written/
> changed any PHP code yet)?
>
> Robert
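What the 'allow_plaintext_tokens' setting changes at verification time, as an added example that is not from this thread and is not Shindig or Partuza code. The token layout, key, and function names are hypothetical, and HMAC signing stands in for Partuza's encrypted tokens because integrity protection is what keeps a hand-crafted identity from being accepted.

```php
<?php
// Added illustration: token layout, key and function names are hypothetical,
// not the real Shindig/Partuza token format.
const TOKEN_KEY = 'constructed-demo-key';   // constructed sample key

// Container side: issue a token whose fields are covered by an HMAC.
function issue_token(string $owner, string $viewer, string $app, int $now): string {
    $payload = implode(':', array_map('rawurlencode', [$owner, $viewer, $app, (string)$now]));
    return 'v1.' . base64_encode($payload) . '.' . hash_hmac('sha256', $payload, TOKEN_KEY);
}

// Gadget-server side: returns the token's claims, or null if it must be rejected.
function verify_token(string $token, array $config, int $now, int $maxAge = 3600): ?array {
    $parts = explode('.', $token);
    if (count($parts) === 3 && $parts[0] === 'v1') {
        $payload = base64_decode($parts[1], true);
        if ($payload === false
            || !hash_equals(hash_hmac('sha256', $payload, TOKEN_KEY), $parts[2])) {
            return null;                     // MAC does not match the fields
        }
    } elseif (!empty($config['allow_plaintext_tokens'])) {
        $payload = $token;                   // unsigned "owner:viewer:app:time" form
    } else {
        return null;                         // plaintext refused (also when the key is unset)
    }
    $f = explode(':', $payload);
    if (count($f) !== 4 || !ctype_digit($f[3])) return null;
    $ts = (int)$f[3];
    if ($ts > $now || $now - $ts > $maxAge) return null;   // stale or future-dated
    return array_combine(['owner', 'viewer', 'app'],
                         array_map('rawurldecode', array_slice($f, 0, 3)));
}

// Constructed sample data.
$now      = 1248768300;
$signed   = issue_token('alice', 'alice', 'rss-reader', $now);
$unsigned = "alice:alice:rss-reader:$now";   // no MAC: nothing ties it to the container
$altered  = 'v1.' . base64_encode("bob:alice:rss-reader:$now") . '.' . explode('.', $signed)[2];

foreach ([true, false] as $allow) {
    $cfg = ['allow_plaintext_tokens' => $allow];
    foreach (compact('signed', 'unsigned', 'altered') as $name => $tok) {
        printf("allow_plaintext_tokens=%s %-8s %s\n", var_export($allow, true), $name,
               verify_token($tok, $cfg, $now) ? 'accepted' : 'rejected');
    }
}
```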
