Joyent Weblog
Google Friend Connect Site on Joyent Accelerators
Want to play around with a site already using Google’s Friend Connect? Head over to BibleApps running on Joyent Accelerators. The “Sign In” infrastructure is part of the gadgets available from Google Friend Connect. God bless them.
Is this opening up a can of security worms?
I’ll explain.
So I went out to the BibleApps site and clicked “Sign in”.
It presented me with signing in with Google/Yahoo/AIM/etc.
(Immediately, I think – oh no. This is going to open up a can of worms by unethical sites faking login pages.)
The reason being, for years – we have instructed people for security reasons to NEVER give out their login information for site X when on site Y.
Now OpenID and Friend Connect change all of that. Now, it’s “okay” to give out your Google/Yahoo login information when not on a Google/Yahoo site.
What concerns me is, how do we explain to people now that this is alright? And how do we prevent unethical people from capturing someone’s Google/Yahoo login information on a fake-login page and then passing that information onto Google/Yahoo?
Does that make sense?
I really like the functionality of Friend Connect and OpenID, and I’m sure it’s implemented in a secure way … what concerns me is that it now seems like it will be extremely easy for sites to “fake” a Google/Yahoo login page because we are now training people that it’s alright to give out your login credentials for a third party site (like BibleApps).
— Micheal 86 days ago #