[Catalyst] OpenID authentication and LWPx-ParanoidAgent
Ashley
apv at sedition.com
Sat Jul 18 00:17:28 GMT 2009
Yep. Sorry. I am working on a new one. Just keep getting stuck trying
to update the tests to run correctly. I'll commit to getting a new
one out this weekend even if I have to TODO the live tests for now.
The real issue here though is that using LWP::UA instead of
ParanoidAgent is a security problem. Someone can point your openid
form at a tarpit "provider." So I would definitely *not* use this in
production without it but recent updates to LWP broke ParanoidAgent
which relies on some deprecated debug behavior.
Brad Fitzpatrick and friends have done a great job getting these
things together so I don't want to come off critical. The real answer
here is to get ParanoidAgent fixed. If anyone can look at it and send
a patch to that package, that would be the best thing. In the
meanwhile I'll adjust the credential to at least be installable
without failures.
-Ashley
On Jul 17, 2009, at 1:33 PM, Zbigniew Lukasiak wrote:
> Hi there,
>
> It seems that http://matrix.cpantesters.org/?dist=LWPx-ParanoidAgent
> +1.05
> fails on every front (and if you check the history it wasn't much
> better in previous releases). So what you guys use as the LWP agent
> for OpenID authentication?
>
> --
> Zbigniew Lukasiak
> http://brudnopis.blogspot.com/
> http://perlalchemy.blogspot.com/
>
> _______________________________________________
> List: Catalyst at lists.scsys.co.uk
> Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
> Searchable archive: http://www.mail-archive.com/
> catalyst at lists.scsys.co.uk/
> Dev site: http://dev.catalyst.perl.org/
More information about the Catalyst
mailing list