This is actually the insecure part of the whole Drupal remote auth process: You give your password to a foreign site.
Any thoughts on this? Your ideas would be greatly appreciated.
An idea (proposed by somebody else) for secure remote auth would be to let the user authenticate at the "home server" and only send a "yes" or "no" to the remote server. The remote server would pass the session ID along and get it back if authentication was successful. I am not completely sure if this process is safe from exploits, though. It is not safe from 'man in the middle' exploits. If somebody manages to pretend to be the 'home server', then they rule.
It is possible, though, to devise a scheme which can avoid that, something along the lines:

prerequisite - some form of trust established between remote and home, preferably some form of signing the messages.

---------------
user: remote, I want to log in, I'm a foreign user, my home site is xxx
remote: user, OK, then, I know of them, redirect to http://xxx/remote/login/url
user: home, it's me and my password is ....
home: user, wait a bit
home: remote, user is fine [message signature]
home: user, redirect to remote/whatever
user: remote, show me whatever
----------------

A conversation like that is feasible, but is less flexible than the current remote auth. Every piece of software must support such a redirection and login exchange scheme. Redirection is good, since it will help to reduce the user clicks. Between Drupal sites though it could be done. This conversation roughly mimics the conversations your web browser makes with key servers to verify a certificate, so in spirit at least it should be fine.

Vlado
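
The "home: remote, user is fine [message signature]" step from the exchange above, as an added example that is not part of the thread and is not Drupal code. HMAC-SHA256 over a pre-shared key stands in for "some form of signing"; the names `home_vouch`, `Remote`, `SHARED_KEY` and the JSON field names are assumptions made for the illustration.

```python
import hashlib
import hmac
import json
import secrets
import time

# Assumption: remote and home exchanged this key out of band (the "trust" prerequisite).
SHARED_KEY = b"constructed-demo-key"
MAX_AGE = 60  # seconds a "user is fine" message stays acceptable


def home_vouch(user, session_id, remote, key=SHARED_KEY, now=None):
    """Home side: called only after home has checked the password itself."""
    claim = {"user": user, "sid": session_id, "aud": remote,
             "iat": int(time.time() if now is None else now)}
    body = json.dumps(claim, sort_keys=True).encode()
    return body, hmac.new(key, body, hashlib.sha256).hexdigest()


class Remote:
    def __init__(self, name, key=SHARED_KEY):
        self.name, self.key = name, key
        self.pending = set()  # session IDs handed out at redirect time

    def start_login(self):
        """Issue the session ID that travels with the redirect to home."""
        sid = secrets.token_hex(16)
        self.pending.add(sid)
        return sid

    def accept(self, body, sig, now=None):
        """Return the vouched user name, or None if the message is rejected."""
        expected = hmac.new(self.key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return None  # forged or altered: an impostor "home" lacks the key
        claim = json.loads(body)
        now = time.time() if now is None else now
        if claim["aud"] != self.name:
            return None  # message was issued for a different remote site
        if abs(now - claim["iat"]) > MAX_AGE:
            return None  # stale message
        if claim["sid"] not in self.pending:
            return None  # unknown session or a replay
        self.pending.discard(claim["sid"])  # one use per session ID
        return claim["user"]
```

The remote site never sees the password; it only checks that the message was produced with the shared key, names this site, is fresh, and matches a session ID it issued itself.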