On 10/24/07, James Holderness <j4_james@xxxxxxxxxxx> wrote:
Joe Gregorio wrote:
Parse out the WWW-Authenticate: challenge header that has the GoogleLogin
auth-scheme. This is the same thing you would do for Basic or Digest,
but the auth-scheme for them is either 'Basic' or 'Digest'.
The header has two parameters: 'realm' and 'service'.
Take the Email, Passwd, service, and user-agent and POST them as a URL encoded
body to the realm URI.
Please correct me if I'm wrong, but aren't you opening yourself up to a MITM
attack by using the realm as the URI to POST to?
Yes, which is why the code I gave is hard coded to use the google server.
(Trusted whitelist works too.)
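
The whitelist check mentioned above, as an added example that is not part of the original message or the code it refers to: it parses a GoogleLogin challenge and refuses to return a POST target unless the realm is HTTPS and on a trusted host. The host in `TRUSTED_LOGIN_HOSTS`, the function names, and the sample headers are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only hosts we will ever send Email/Passwd to.
TRUSTED_LOGIN_HOSTS = {"www.google.com"}

# name="quoted value" or name=token, as in other WWW-Authenticate challenges
_PARAM = re.compile(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')

def parse_googlelogin_challenge(header_value):
    """Return the challenge parameters, or None if the scheme is not GoogleLogin.

    Assumes the header value carries a single challenge."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "googlelogin":
        return None
    params = {}
    for m in _PARAM.finditer(rest):
        if m.group(2) is not None:
            value = re.sub(r"\\(.)", r"\1", m.group(2))  # undo quoted-pair escapes
        else:
            value = m.group(3)
        params[m.group(1).lower()] = value
    return params

def login_uri_for(header_value):
    """Return (realm, service) only if the realm is safe to POST credentials to."""
    params = parse_googlelogin_challenge(header_value)
    if not params or "realm" not in params or "service" not in params:
        raise ValueError("not a usable GoogleLogin challenge")
    parts = urlsplit(params["realm"])
    if parts.scheme != "https":
        raise ValueError("refusing non-HTTPS realm")
    if parts.username or parts.password or parts.port not in (None, 443):
        raise ValueError("refusing realm with userinfo or unusual port")
    # Exact host match: suffix or substring checks would accept look-alike hosts.
    if parts.hostname not in TRUSTED_LOGIN_HOSTS:
        raise ValueError("realm host is not on the trusted list")
    return params["realm"], params["service"]

# Constructed sample headers (not captured traffic).
GOOD = 'GoogleLogin realm="https://www.google.com/accounts/ClientLogin", service="xapi"'
LOOKALIKE = 'GoogleLogin realm="https://www.google.com.evil.example/login", service="xapi"'
USERINFO = 'GoogleLogin realm="https://www.google.com@evil.example/login", service="xapi"'
PLAINTEXT = 'GoogleLogin realm="http://www.google.com/accounts/ClientLogin", service="xapi"'
```

The realm arrives in a response from whichever server the client happened to reach, so the check has to run before any credentials are encoded into a request body.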