OpenID (was Re: [clug] Re: Using a forum system for CLUG)
daniel at rimspace.net
Tue May 5 01:03:41 GMT 2009
David Schoen <neerolyte at gmail.com> writes:
> Another option might be to make registration trivial by using openids?
> (Don't really know if this is viable as I don't know much about them
OpenID is, by design, trivially vulnerable to "phishing" attacks;
I wouldn't advise using it for anything in production until those
problems are resolved.
If you do use it, assume that the authentication details will be stolen
if they have any commercial value at all, and keep in mind that DNS
hijacking is still fairly trivial...
More information about the linux