Sumit,

im the new maintainer of Site Network module (the former "Drupal" module that do distributed authentication).

Despite the fact this module is widely used (even on drupal.org), its absolutely insecure. Not only because the password is typed on the client sites (so they can store your d.o password), the communication is not encrypted.

So im thinking about to implement a OAuth solution (or a OpenID-like) to address theses problems. However, i have not experience on any of these standards. So im asking you about you opinion.

regards,

massa

Comments

brmassa’s picture

Status: Active » Closed (fixed)

I managed to do this as private module.