[foaf-protocols] Like cheese? Join my club!

Toby A Inkster tai at g5n.co.uk
Sun Mar 1 23:14:11 CET 2009

On 1 Mar 2009, at 20:19, Story Henry wrote:

> Btw. this does show the need for a logout button. Clearly having to  
> login every five minutes is a bit tedious, so the https session  
> should be a lot longer. But if  they had been then I would never  
> have been able to try different certificates, since there is no  
> logout button.

Melvin's technique of only using FOAF+SSL for the initial login, and  
then using PHP sessions for the rest of the time spent on site is a  
good one. Of course, it does lose a bit of security.

> Ok, so I built myself a second account on foafssl.org, which was  
> the occasion for me to discover a security hole in this cheesy  
> service :-)

I think v 0.01 of CGI::Auth::FOAF_SSL actually did this, but when I  
refactored it for v 0.02 it got lost. I've fixed my local copy and  
the fix will be included in v 0.04.

Also fixed the problem that Tim and Kingsley were having which was  
caused by, would you believe it, a single stray apostrophe in a  
SPARQL query.

Toby A Inkster
<mailto:mail at tobyinkster.co.uk>

More information about the foaf-protocols mailing list