OpenID (was Re: [clug] Re: Using a forum system for CLUG)
Daniel Pittman
daniel at rimspace.net
Tue May 5 01:03:41 GMT 2009
David Schoen <neerolyte at gmail.com> writes:
G'day David.
[...]
> Another option might be to make registration trivial by using openids?
> (Don't really know if this is viable as I don't know much about them
> though).
OpenID is, by design, trivially vulnerable to "phishing" attacks;
I wouldn't advise using it for anything in production until those
problems are resolved.
http://lists.danga.com/pipermail/yadis/2005-June/000470.html
http://www.itweek.co.uk/2184695
http://openid.marcoslot.net/
More recently:
http://www.links.org/?p=187
http://www.links.org/?p=188
If you do use it, assume that the authentication details will be stolen
if they have any commercial value at all, and keep in mind that DNS
hijacking is still fairly trivial...
Regards,
Daniel
More information about the linux
mailing list