DTP


 
Lively discussions on the graphic arts and publishing — in print or on the web


Go Back   Desktop Publishing Forum > General Discussions > Web Site Building & Maintenance

Reply
 
Thread Tools Display Modes
Old 09-27-2012, 06:57 PM   #1
Steve Rindsberg
Staff
 
Join Date: Nov 2004
Posts: 6,711
Default Log into site A via login at some other site?

One site that I visit fairly regularly (stackoverflow.com) allows ... encourages even? ... logging in using credentials from other sites. Facebook, Google, OpenID and others.

That strikes me as supremely odd, to give Site A my login information for another site. There's nothing on the page about how "We never see what you type here" (as though I'd believe that in the first place?).

   
__________________
Steve Rindsberg
====================
www.pptfaq.com
www.pptools.com
and stuff
Steve Rindsberg is offline   Reply With Quote
Old 09-27-2012, 07:17 PM   #2
terrie
Staff
 
Join Date: Oct 2004
Posts: 8,918
Default

Sounds weird to me...

Terrie
terrie is online now   Reply With Quote
Old 09-28-2012, 01:30 AM   #3
Barrie Greed
Member
 
Join Date: May 2006
Location: Stringston, Somerset,UK
Posts: 111
Default

Steve

It's Open ID which allows you to use a single ID for multiple sites. If you use a Google password with StackOverflow then Stackoverflow gets confirmation from Google that you are who you say you are. Your password is not seen by Stackoverflow.

At least that's the theory. I have no idea how far you can trust that assertion.

Barrie Greed
Barrie Greed is offline   Reply With Quote
Old 09-28-2012, 07:00 AM   #4
Steve Rindsberg
Staff
 
Join Date: Nov 2004
Posts: 6,711
Default

Quote:
Originally Posted by Barrie Greed View Post
Steve

It's Open ID which allows you to use a single ID for multiple sites. If you use a Google password with StackOverflow then Stackoverflow gets confirmation from Google that you are who you say you are. Your password is not seen by Stackoverflow.

At least that's the theory. I have no idea how far you can trust that assertion.

Barrie Greed
Exactly ... granted, I'd tend to trust StackOverflow in general, but this sort of pegs the paranoiameter. Perhaps when you click e.g. the Facebook Login button it takes you to Facebook to log in, whereupon FB passes back some kind of "Yes it's Steve and he's an OK guy" message to the host site.

But it would be so simple for the host site to link to their own very FB-like page and merrily collect credentials.

It seems a bad habit to get into.

   
__________________
Steve Rindsberg
====================
www.pptfaq.com
www.pptools.com
and stuff
Steve Rindsberg is offline   Reply With Quote
Old 09-30-2012, 11:47 AM   #5
John Spragens
Member
 
Join Date: Jan 2005
Posts: 437
Default

Maybe it's intended mainly for people who're already logged in to Google or FB. Apparently some people live their online lives permanently logged in to one of those.

Although I'd also be wary of having all those interactions tracked in, say, Google's data mining engine, it sounds like it could offer an experience that's a bit more like what we had in the CompuServe days, when we logged in once and then navigated around to multiple realms.

   
__________________

www.enigmaterial.com
John Spragens is offline   Reply With Quote
Old 09-30-2012, 02:50 PM   #6
annc
Sysop
 
annc's Avatar
 
Join Date: Oct 2004
Location: Subtropical Queensland, Australia, between the mountains and the Coral Sea
Posts: 4,434
Default

Quote:
Originally Posted by Steve Rindsberg View Post
One site that I visit fairly regularly (stackoverflow.com) allows ... encourages even? ... logging in using credentials from other sites. Facebook, Google, OpenID and others.
vBulletin version 4 allows this, from FB at least. Many of the games have support forums outside FB these days, and there's obviously a hook in vBulletin that allows sharing of all sorts of details from FB personal information in the forums.

   
__________________
annc is offline   Reply With Quote
Old 09-30-2012, 05:39 PM   #7
Steve Rindsberg
Staff
 
Join Date: Nov 2004
Posts: 6,711
Default

Here's the log-in page, in case anyone's curious:

http://stackoverflow.com/users/login

On this page:
http://openid.net/get-an-openid/what-is-openid/

it says "Other than your provider, no website ever sees your password, so you don’t need to worry about an unscrupulous or insecure website compromising your identity."

Assuming you trust that you're actually being taken to the provider's site, perhaps so.
I question why I should trust that so easily. It wouldn't be all that hard for me to add a "Sign in with your Google ID" button to a site and have the button link to a bogus site that collects whatever sign-in user names and passwords get handed to it.

I expect that by watching the URL the button goes to *very* carefully, I could satisfy myself that this was not happening. Seems like too much vigilance effort to put forth for the value received.

   
__________________
Steve Rindsberg
====================
www.pptfaq.com
www.pptools.com
and stuff
Steve Rindsberg is offline   Reply With Quote
Old 09-30-2012, 06:49 PM   #8
terrie
Staff
 
Join Date: Oct 2004
Posts: 8,918
Default

Quote:
steve: I expect that by watching the URL the button goes to *very* carefully, I could satisfy myself that this was not happening. Seems like too much vigilance effort to put forth for the value received.
I'm not sure if Request Policy would do the trick but I think it might--it's a FF add-on that I've been using for quite a while that allows you to control where you transfer to and provides info on what other sites are cross-linked.

If you use FF, it might be interesting to check out with open-id...

Terrie
terrie is online now   Reply With Quote
Old 10-01-2012, 06:16 AM   #9
Steve Rindsberg
Staff
 
Join Date: Nov 2004
Posts: 6,711
Default

I don't use FF and so far, see no reason to trust a site that insists on this type of log-in.

OTOH, I just found that it works to:

Go directly to FB and log in there
Stay logged in while I go to StackOverflow and click the Log In via Facebook button

That takes me to a page on FB that asks for permission to send my name to an "App" (which'd normally put the brakes on right there ... I trust FB apps about as much as I'd trust The Zuckster with my bank account, but this is Research. Carry On Fearlessly!).

At that point, I'm redirected to SO and logged in.

   
__________________
Steve Rindsberg
====================
www.pptfaq.com
www.pptools.com
and stuff
Steve Rindsberg is offline   Reply With Quote
Old 10-01-2012, 09:30 AM   #10
terrie
Staff
 
Join Date: Oct 2004
Posts: 8,918
Default

Quote:
steve: That takes me to a page on FB that asks for permission to send my name to an "App"
It doesn't specify who/where? Not good...

I thought I remembered that you weren't using FF but I wasn't sure. It could be that there is something like the RP add-on for other browsers. I've found it really useful myself because in addition to showing me cross-site linkages, I can pick and choose which of the linkages to allow so for example, I never allow google analytics or other things like that...

Terrie
terrie is online now   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Is my site better now? zofiaphoto Web Design 19 08-24-2006 04:12 AM
WWW Site Down? HTMLAlan Web Site Building & Maintenance 13 07-23-2006 01:38 PM
It's Done! (newest site) dacoyle Web Design 31 02-09-2006 04:22 PM
Site critique please annc Web Design 46 01-14-2006 01:25 PM
Yet another CSS help site annc Web Site Building & Maintenance 4 10-07-2005 09:46 PM


All times are GMT -8. The time now is 12:08 PM.


Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2017, vBulletin Solutions, Inc.
Contents copyright 2004–2014 Desktop Publishing Forum and its members.