OpenID (was Re: [clug] Re: Using a forum system for CLUG)

Daniel Pittman daniel at
Tue May 5 01:03:41 GMT 2009

David Schoen <neerolyte at> writes:

G'day David.


> Another option might be to make registration trivial by using OpenIDs?
> (Don't really know if this is viable as I don't know much about them
> though).

OpenID is, by design, trivially vulnerable to "phishing" attacks;
I wouldn't advise using it for anything in production until those
problems are resolved.

More recently:

If you do use it, assume that the authentication details will be stolen
if they have any commercial value at all, and keep in mind that DNS
hijacking is still fairly trivial...

