summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs5
1 files changed, 4 insertions, 1 deletions
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
index f05115c..47bcd70 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
@@ -90,7 +90,10 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
// replay attacks. But only 2.0+ Providers can be expected to provide
// replay protection.
if (nonceStore == null) {
- this.SecuritySettings.MinimumRequiredOpenIdVersion = ProtocolVersion.V20;
+ if (this.SecuritySettings.MinimumRequiredOpenIdVersion < ProtocolVersion.V20) {
+ Logger.OpenId.Warn("Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks.");
+ this.SecuritySettings.MinimumRequiredOpenIdVersion = ProtocolVersion.V20;
+ }
}
this.channel = new OpenIdChannel(associationStore, nonceStore, this.SecuritySettings);
generated by cgit v1.1 at 2025-05-29 14:23:54 +0000