[security] how secure is openid? advise pls..
Balasubramanian G
mccbala at gmail.com
Mon Feb 9 19:12:17 UTC 2009
Unfortunately.. since the site is based in india, and 90% users are indians
i cannot use callverifID too..
Warm Regards
Balasubramanian
Doug Larson - "Instead of giving a politician the keys to the city, it
might be better to change the locks."
On Tue, Feb 10, 2009 at 12:35 AM, kevin lochner <klochner at gmail.com> wrote:
> On my openid account i've enabled phone authentication (CallVerifID), so
> any time I log in I get a phone call (press "#" to login). Seems pretty
> bomber to me, maybe you could recommend your users do the same.
>
>
>
> On Feb 9, 2009, at 2:02 PM, Balasubramanian G wrote:
>
> Dear all,
>>
>> I recently started working upon making my site openid enabled. when i was
>> having a talk with my friend abt this, he pointed a series of articles in
>> the internet which describe the vulnerabilities in using openid. Though my
>> site does not deal with any sensitive data, i just want to make sure that
>> its safe to the users if not 100%, atleast to the max extent.
>>
>> So, pls advise me on how secure is openid and wht safety measures should i
>> implement in order to make it more safe as i am answerable to the users of
>> my site if they raise the question of security.. Reply ASAP
>>
>> Warm Regards
>> Balasubramanian
>> _______________________________________________
>> security mailing list
>> security at openid.net
>> http://openid.net/mailman/listinfo/security
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-security/attachments/20090210/d23685ee/attachment-0002.htm>
More information about the security
mailing list