Re: [pgsql-www] Google signin

From: Magnus Hagander
Subject: Re: [pgsql-www] Google signin
Date:
Msg-id: CABUevExE6_FginaMfpvvifM_9MbtXMfEcfmidKq1YmF1+cwY7w@mail.gmail.com
In reply to: Re: [pgsql-www] Google signin (Tom Lane <tgl@sss.pgh.pa.us>)
Responses: Re: [pgsql-www] Google signin
List: pgsql-www


On Wed, Jul 12, 2017 at 4:48 PM, Tom Lane <tgl@sss.pgh.pa.us> wrote:
> Magnus Hagander <magnus@hagander.net> writes:
>> On Wed, Jul 12, 2017 at 4:16 PM, Greg Stark <stark@mit.edu> wrote:
>>> The big question though is whether to still require a community id at
>>> all. If we just let anyone log in via Google and create a placeholder
>>> account on demand if one doesn't exist then you shouldn't have to go
>>> through the "create an account" step at all. And you shouldn't have to
>>> remember a new userid at all.
>
>> The point of the create an account step would be if somebody has a pg
>> account under something@somewhere.com and logs in using
>> mygoogle@somewhere.com they should at least get a notification before we
>> create the new account. But we should make doing that trivial, as in a
>> pre-filled-out signup form with the info from google/whatever and just a
>> "click here to confirm" box.
>
> I'm wondering about the security implications of this --- would it mean
> that anybody with a google account could, eg, spam our wiki?

They already can.

What it basically means is that we trust the flag that Google says "this email has been verified" vs verifying it ourselves. For gmail accounts it's basically the same. For non-gmail, we are "outsourcing" the trust decision to Google.


We'd have to put those accounts through exactly the same cooldown we currently do for regular setups. Basically the current workflow is:
1. fill out your details, create new account
2. wait for email to arrive
3. click verification link in email
4. wait for cooldown period (5 days IIRC)
5. post spam to wiki

We'd eliminate steps 2 and 3 basically by saying "google has already verified this".

With the last round of spam we learned that the *spammers* have already automated steps 2 and 3 through throwaway google accounts. So having those two steps in there isn't really stopping the spammers, but it is causing unnecessary inconvenience to "real" users.

 
> I don't mind reducing barriers to entry when we can, but recent experience
> says that there has to be some barrier :-(

Definitely. But unless we want to whitelist email providers (and exclude google), we already have that problem, and I don't think this is actually making it any worse.

In fact it might make it marginally better because Google might detect things on their oauth side if these people are doing things on a massive scale. Though I doubt they (Google) actually track those things enough in either case. 
 

--
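
The workflow change discussed in the message, as an added example that is not part of the original e-mail or of the PostgreSQL site's code: an address the identity provider marks as verified skips steps 2 and 3, while the cooldown of step 4 still gates wiki edits. The `email_verified` claim name, the function names and the five-day value ("5 days IIRC" in the message) are assumptions, and the ID token's signature is assumed to have been validated before these functions are called.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Assumed value: the message recalls the cooldown as "5 days IIRC".
COOLDOWN = timedelta(days=5)


@dataclass
class Account:
    email: str
    verified_by: Optional[str]  # "google", "link", or None while unverified
    created: datetime


def signup_from_provider(claims: dict, now: datetime) -> Account:
    """Step 1, pre-filled from ID token claims whose signature was already checked."""
    email = str(claims.get("email", "")).strip().lower()
    if "@" not in email:
        raise ValueError("provider supplied no usable email claim")
    # Fail closed: only a boolean True counts as "the provider verified this".
    # A missing claim or a string such as "false" falls back to steps 2 and 3.
    verified = claims.get("email_verified") is True
    return Account(email, "google" if verified else None, now)


def needs_verification_mail(account: Account) -> bool:
    """Steps 2 and 3 are required only when nobody has vouched for the address."""
    return account.verified_by is None


def confirm_link_clicked(account: Account) -> None:
    """Step 3 of the classic flow: the user clicked the mailed link."""
    account.verified_by = "link"


def may_edit_wiki(account: Account, now: datetime) -> bool:
    """Step 4: the cooldown applies however the address was verified."""
    if account.verified_by is None:
        return False
    return now - account.created >= COOLDOWN
```
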
