| From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
|---|---|
| To: | Magnus Hagander <magnus(at)hagander(dot)net> |
| Cc: | Greg Stark <stark(at)mit(dot)edu>, PostgreSQL WWW <pgsql-www(at)postgresql(dot)org> |
| Subject: | Re: Google signin |
| Date: | 2017-07-12 14:48:07 |
| Message-ID: | 12554.1499870887@sss.pgh.pa.us |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-www |
Magnus Hagander <magnus(at)hagander(dot)net> writes:
> On Wed, Jul 12, 2017 at 4:16 PM, Greg Stark <stark(at)mit(dot)edu> wrote:
>> The big question though is whether to still require a community id at
>> all. If we just let anyone log in via Google and create a placeholder
>> account on demand if one doesn't exist then you shouldn't have to go
>> through the "create an account" step at all. And you shouldn't have to
>> remember a new userid at all.
> The point of the create an account step would be if somebody has a pg
> account under something(at)somewhere(dot)com and logs in using
> mygoogle(at)somewhere(dot)com they should at least get a notification before we
> create the new account. But we should make doing that trivial, as in a
> pre-filled-out signup form with the info from google/whatever and just a
> "click here to confirm" box.
I'm wondering about the security implications of this --- would it mean
that anybody with a google account could, eg, spam our wiki?
I don't mind reducing barriers to entry when we can, but recent experience
says that there has to be some barrier :-(
regards, tom lane
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2017-07-12 14:52:36 | Re: Google signin |
| Previous Message | Magnus Hagander | 2017-07-12 14:37:17 | Re: Google signin |