Difference between revisions of "Talk:Viewer Authentication Critique"

Revision as of 11:27, 29 September 2007

Viewer still involves running trusted code on the computer and could initiate other attacks e.g.
- Silently buy L$ and pass onto another account
- Pass token onto bot, and drop the users connection
Potential for phishing websites to entice users to enter username and password and then pass control to SL website and viewer.

Enables username/password authentication to work on third party sites without them having to "see" username and password

--Matthew Dowd 11:27, 29 September 2007 (PDT)

@@ Line 1: / Line 1: @@
 == Security ==
 === Pros ===
+* Viewer does not have to process (and "see") username and password
 === Cons ===
+* Viewer still involves running trusted code on the computer and could initiate other attacks e.g.
+** Silently buy L$ and pass onto another account
+** Pass token onto bot, and drop the users connection
+* Potential for phishing websites to entice users to enter username and password and then pass control to SL website and viewer.
 === Alternatives ===
@@ Line 11: / Line 15: @@
 === Pros ===
+* Enables username/password authentication to work on third party sites without them having to "see" username and password
 === Cons ===
 === Alternatives ===
+* OpenID
+* CardSpace
+* Identity Metasystem
 == Persistence ==
@@ Line 22: / Line 29: @@
 === Cons ===
+* Inconvenient for those with alts
+* Inconvenient for those with multiple clients
 === Alternatives ===
+* Is this really needed?
+----
+--[[User:Matthew Dowd|Matthew Dowd]] 11:27, 29 September 2007 (PDT)