thentos
thentos copied to clipboard
liqd
A tool for privacy-preserving identity management (PPIM)
There is some code that tries to accomodate various dev and op scenarios and elaborates on the cabal `Path.getDataFileName` functionality. This code could use some more love, understanding, and probably...
In several instances, errors in the config file lead to an `error` being thrown in the code. It would be better to reserve `error` for programming mistakes and instead `throwError...
SafeHaskell tracks calls to not explicitly trusted, potentially harmful functions. SafeHaskell can be used to identify all calls to potentially harmful functions so we can decide whether we want to...
This would allow to move the randomness out of the `ActionState` type. Motivated by #451, where it would suggest a more elegant implementation of `mkAudioSolution`.
We need to show them to be in compliance. See BUG marker in `thentos-core/src/Thentos/Frontend/State.hs`.
http://spacebug.com/tableless_secure_one_time_password/ may be a substitute for 1. pseudonyms (we don't have those yet) 1. session tokens 1. other things using this as session tokens would also solve the problem that...
`serviceLoginH`: The session token seems to be contained in the URL. So if people copy the url from the address bar and send it to someone, they will get the...
Use csrf protection for `userLogoutConfirmH, emailUpdateH, serviceCreateH, serviceRegisterH` (if needed). See BUG markers in `thentos-core/src/Thentos/Frontend/Handlers.hs`.
Use csrf protection for `userLogoutConfirmSnippet`, if needed. See BUG marker in `thentos-core/src/Thentos/Frontend/Pages.hs`.