Last modified: 2013-03-16 14:20:10 UTC
To lower risks of MITM attacks in the authentication process, I propose similar to what I proposed in [1]: before and during the authentication process + allow to inspect Server fingerprints (sha-256, sha-1, md5) and then store them also in the wiki database. + Add to the tables in OpenID preferences a way to i) to inspect (list) stored fingerprints ; and perhaps ii ) to check (compare) the stored against the current server fingerprints. Implementation tip: The code for this can(should) be used and shared with php-openid library and its storage. [1] https://github.com/owncloud/mirall/issues/44
*** This bug has been marked as a duplicate of bug 46189 ***