0

the GUID

it would be great if yql could generate the quid for a specific user without nay information.
you guys say the guid is public but you can not acquire the guid of a user without authorization, so it is protected, not public.
it would be cool if any yahoo user who called the "guid table" would get only their guid back. is it possible for a user to get their ownn guid without authorization

6 Replies
  • QUOTE (Monsignor K. Kuwajukaba @ Mar 28 2009, 11:44 AM) <{POST_SNAPBACK}>
    it would be great if yql could generate the quid for a specific user without nay information.
    you guys say the guid is public but you can not acquire the guid of a user without authorization, so it is protected, not public.
    it would be cool if any yahoo user who called the "guid table" would get only their guid back. is it possible for a user to get their ownn guid without authorization


    You can get a guid from a yahoo ID using the yahoo.identity table, e.g.:

    select * from yahoo.identity where yid='spullara'

    Jonathan
    0
  • QUOTE (Jonathan @ Mar 30 2009, 10:31 AM) <{POST_SNAPBACK}>
    You can get a guid from a yahoo ID using the yahoo.identity table, e.g.:

    select * from yahoo.identity where yid='spullara'

    Jonathan


    You don't understand my question jonathan. The identity table works only if you have a userid inputted into it.
    What I am asking is, what if you just want your guid.

    EX

    select * from yahoo.myguid

    this would return the user who is calling its guid. Nothing more, nothing less. This table would only work if a user is logged into the yahoo network. And, this table would only return the specific users guid, no other information at all, but it would only be for the user who called it. BUT, I would like it to work without authorization.


    So, if you called the table the results would be
    <results>
    <guid>J's GUID
    </guid>
    </results>

    if i called the same table the results would be
    <results>
    <guid>MK's GUID
    </guid>
    </results>

    if yahoo did that it would be like having a specific code for every yahoo user in the public sphere.
    Since guid's are already public, i don't understand why yahoo would be so threatened by it. And since i respect the validity of security. If each yahoo member had two guids, then the one every member know has could be used as normal, but the second could be used for this function and other similar things
    0
  • QUOTE (Monsignor K. Kuwajukaba @ Mar 30 2009, 07:26 PM) <{POST_SNAPBACK}>
    You don't understand my question jonathan. The identity table works only if you have a userid inputted into it.
    What I am asking is, what if you just want your guid.

    EX

    select * from yahoo.myguid

    this would return the user who is calling its guid. Nothing more, nothing less. This table would only work if a user is logged into the yahoo network. And, this table would only return the specific users guid, no other information at all, but it would only be for the user who called it. BUT, I would like it to work without authorization.


    So, if you called the table the results would be
    <results>
    <guid>J's GUID
    </guid>
    </results>

    if i called the same table the results would be
    <results>
    <guid>MK's GUID
    </guid>
    </results>

    if yahoo did that it would be like having a specific code for every yahoo user in the public sphere.
    Since guid's are already public, i don't understand why yahoo would be so threatened by it. And since i respect the validity of security. If each yahoo member had two guids, then the one every member know has could be used as normal, but the second could be used for this function and other similar things


    Can you tell me what you are trying to accomplish? Infact if I read correctly, this is a security issue. If we did support such a scenario, the 3rd party site owner would get access to the Yahoo user's guid without his/her consent. You could simply add a script node to your page which calls a Query and gets access to "my" guid if I was logged into Yahoo which could be malicious. The security angle here is that the 3rd party site would get user "identifiable" yahoo id without the prior consent of the user.

    -- Nagesh
    0
  • QUOTE (Nagesh Susarla @ Mar 31 2009, 11:00 PM) <{POST_SNAPBACK}>
    Can you tell me what you are trying to accomplish? Infact if I read correctly, this is a security issue. If we did support such a scenario, the 3rd party site owner would get access to the Yahoo user's guid without his/her consent. You could simply add a script node to your page which calls a Query and gets access to "my" guid if I was logged into Yahoo which could be malicious. The security angle here is that the 3rd party site would get user "identifiable" yahoo id without the prior consent of the user.

    -- Nagesh


    Well,
    the question no one responded to is what i want i really want Nagesh. I want to develop a few games and searching and blogging services for members of my group in the groups file section, but to do that I realize that I will need an identification scheme. In retrospect I should have just went alone and did my own sign on system, but it occured to me that in the groups I want to develop, the groups are private. So, why not have a way to identify a user in the group. It would just be one unique number and it would only be for a particular group so what harm could there be. I asked the umbrella question about guid's to see if their was anything anyone had done that was close to fitting my purposes. But, i realize nagesh that I made a mistake. The security concerns are too big to implement this function.
    So, I will go along and make my own sign on scheme. Even though it seems redundant to me, but perhaps it is best for security.
    0
  • QUOTE (Monsignor K. Kuwajukaba @ Apr 1 2009, 04:47 AM) <{POST_SNAPBACK}>
    Well,
    the question no one responded to is what i want i really want Nagesh. I want to develop a few games and searching and blogging services for members of my group in the groups file section, but to do that I realize that I will need an identification scheme. In retrospect I should have just went alone and did my own sign on system, but it occured to me that in the groups I want to develop, the groups are private. So, why not have a way to identify a user in the group. It would just be one unique number and it would only be for a particular group so what harm could there be. I asked the umbrella question about guid's to see if their was anything anyone had done that was close to fitting my purposes. But, i realize nagesh that I made a mistake. The security concerns are too big to implement this function.
    So, I will go along and make my own sign on scheme. Even though it seems redundant to me, but perhaps it is best for security.


    Hey,

    Why not use OAuth and ask the user for for permission to access his/her guid? Since its in a private group, I'm sure the user wouldnt mind allowing you read only access to their social profile. That way you can keep the guid in your db and identify the user and you've also explicitly asked the user for consent which seems like a pretty good solution.

    Another alternative is to use OpenId (if you do intend to accept users from any openId provider).

    -- Nagesh
    0
  • QUOTE (Nagesh Susarla @ Apr 1 2009, 10:32 AM) <{POST_SNAPBACK}>
    Hey,

    Why not use OAuth and ask the user for for permission to access his/her guid? Since its in a private group, I'm sure the user wouldnt mind allowing you read only access to their social profile. That way you can keep the guid in your db and identify the user and you've also explicitly asked the user for consent which seems like a pretty good solution.

    Another alternative is to use OpenId (if you do intend to accept users from any openId provider).

    -- Nagesh

    Thanks Nagesh,
    I have a user profile setup nearly ready to use.It doesn't associate with the yahoo profile at all.So, I am content with that. If the pages were public, i would rather use oauth, and to be blunt would have done so and not queried anything. But, in a small private group, I will use my own.
    0

Recent Posts

in YQL