Last modified: 2013-03-16 14:20:10 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T47956, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 45956 - Security enhanced authentication: before, during, and after authentication process allow to inspect Server fingerprints; store them in the database
Status: RESOLVED DUPLICATE of bug 46189
Product: MediaWiki extensions
Classification: Unclassified
Component: OpenID
Version: master
Hardware: All All
Importance: Normal enhancement
Target Milestone: ---
Assigned To: T. Gries
Depends on:
Blocks:
Reported: 2013-03-10 14:08 UTC by T. Gries
Modified: 2013-03-16 14:20 UTC (History)
Description T. Gries 2013-03-10 14:08:13 UTC
To lower the risk of MITM attacks in the authentication process, I propose something similar to what I proposed in [1]:

Before and during the authentication process

+ allow inspecting server fingerprints (SHA-256, SHA-1, MD5)

and then also store them in the wiki database.

+ Add to the tables in OpenID preferences a way

i) to inspect (list) stored fingerprints; and perhaps
ii) to check (compare) the stored fingerprints against the current server fingerprints.


Implementation tip:

The code for this can (should) be used and shared with the php-openid library and its storage.

[1] https://github.com/owncloud/mirall/issues/44
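
The store, list and compare steps proposed in the description, as an added example that is not part of the original report and is not code from MediaWiki, the OpenID extension or php-openid. The table name `server_fingerprint`, the function names, the host name and the certificate bytes are constructed for illustration; an in-memory SQLite database stands in for the wiki database.

```python
import hashlib
import hmac
import sqlite3

ALGORITHMS = ("sha256", "sha1", "md5")  # the three digests named in the report


def fingerprints(cert_der: bytes) -> dict:
    """Hex digests of a DER-encoded server certificate."""
    return {alg: hashlib.new(alg, cert_der).hexdigest() for alg in ALGORITHMS}


def open_store() -> sqlite3.Connection:
    """Hypothetical fingerprint table; SQLite stands in for the wiki database."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE server_fingerprint ("
        "host TEXT PRIMARY KEY, sha256 TEXT NOT NULL, "
        "sha1 TEXT NOT NULL, md5 TEXT NOT NULL)"
    )
    return db


def list_stored(db: sqlite3.Connection) -> list:
    """Step i): list the stored fingerprints for inspection."""
    return db.execute(
        "SELECT host, sha256, sha1, md5 FROM server_fingerprint ORDER BY host"
    ).fetchall()


def check_server(db: sqlite3.Connection, host: str, cert_der: bytes) -> str:
    """Step ii): compare the current certificate against the stored one.

    Returns 'first-seen' (stored now), 'match' or 'mismatch'.
    A mismatch never overwrites the stored row.
    """
    current = fingerprints(cert_der)
    row = db.execute(
        "SELECT sha256 FROM server_fingerprint WHERE host = ?", (host,)
    ).fetchone()
    if row is None:
        db.execute(
            "INSERT INTO server_fingerprint VALUES (?, ?, ?, ?)",
            (host, current["sha256"], current["sha1"], current["md5"]),
        )
        return "first-seen"
    # Decide on SHA-256 only: MD5 and SHA-1 have practical collision attacks,
    # so they are stored for display but not used for the trust decision.
    return "match" if hmac.compare_digest(row[0], current["sha256"]) else "mismatch"
```

A legitimate certificate renewal also returns `mismatch`, so that result should lead to a review of the new fingerprint rather than an automatic update of the stored row.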
Comment 1 T. Gries 2013-03-16 14:20:10 UTC

*** This bug has been marked as a duplicate of bug 46189 ***
