[Catalyst] OpenID authentication and LWPx-ParanoidAgent

Ashley apv at sedition.com
Sat Jul 18 00:17:28 GMT 2009

Yep. Sorry. I am working on a new one. Just keep getting stuck trying  
to update the tests to run correctly. I'll commit to getting a new  
one out this weekend even if I have to TODO the live tests for now.

The real issue here though is that using LWP::UA instead of  
ParanoidAgent is a security problem. Someone can point your openid  
form at a tarpit "provider." So I would definitely *not* use this in  
production without it but recent updates to LWP broke ParanoidAgent  
which relies on some deprecated debug behavior.

Brad Fitzpatrick and friends have done a great job getting these  
things together so I don't want to come off critical. The real answer  
here is to get ParanoidAgent fixed. If anyone can look at it and send  
a patch to that package, that would be the best thing. In the  
meanwhile I'll adjust the credential to at least be installable  
without failures.


On Jul 17, 2009, at 1:33 PM, Zbigniew Lukasiak wrote:

> Hi there,
> It seems that http://matrix.cpantesters.org/?dist=LWPx-ParanoidAgent 
> +1.05
> fails on every front (and if you check the history it wasn't much
> better in previous releases).   So what you guys use as the LWP agent
> for OpenID authentication?
> -- 
> Zbigniew Lukasiak
> http://brudnopis.blogspot.com/
> http://perlalchemy.blogspot.com/
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/ 
> catalyst at lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/

More information about the Catalyst mailing list