Security

The underlying XRD files will be retrieved via SSL when possible, with fallback to normal HTTP. In the latter case, the XRD files need to have valid signatures in order to be seen as secure.

The XRD subject is also verified. When it does not match the host name of the email address, then the information are seen as insecure.

You should not trust the information if they are not secure.

<?php
require_once 'Net/WebFinger.php';
$wf  = new Net_WebFinger();
$react $wf->finger('user@example.org');
if (!$react->secure) {
    die("Those data may not be trusted\n");
}
?>

You often still want to use the data, since not all hosts have SSL enabled.

Link access (Previous) Error handling (Next)
Last updated: Sat, 16 Feb 2019 — Download Documentation
Do you think that something on this page is wrong? Please file a bug report.
View this page in:
  • English

User Notes:

There are no user contributed notes for this page.