科技回声

Would love you input whether I left any security holes.<p>Username/password are never passed back and forth, only the unique hash.<p>Hash is removed from the database once it’s used, old hashes that haven’t been used can’t be unless the database is hacked, but then you have bigger issues.<p>All database queries of the hash have been escaped to prevent XSS attacks.

Google did this recently (HN discussion here: <a href="http://news.ycombinator.com/item?id=3469692" rel="nofollow">http://news.ycombinator.com/item?id=3469692</a>) but since ended the "experiment".

I like this, but i wonder if there's a way to tie this to a Google/Facebook/Twitter account? I'm much more likely to already be logged into one of those devices on my phone...

Is it just me, but are QR codes a solution in search of a problem? I see them everywhere, but I've never seen a single person use one.

Google did this recently (HN discussion here: <a href="http://news.ycombinator.com/item?id=3469692" rel="nofollow">http://news.ycombinator.com/item?id=3469692</a>) but since ended the "experiment".

I like this, but i wonder if there's a way to tie this to a Google/Facebook/Twitter account? I'm much more likely to already be logged into one of those devices on my phone...

Is it just me, but are QR codes a solution in search of a problem? I see them everywhere, but I've never seen a single person use one.

Show HN: Log in to WordPress via QR code (fully functional plugin available)

4 条评论

Show HN: Log in to WordPress via QR code (fully functional plugin available)

4 条评论