On Tue, Jul 21, 2009 at 10:32 PM, Scott Ritchie <scott@open-vote.org> wrote:
For those new to the story, OpenID is incredibly insecure. See for example
http://marcoslot.net/apps/openid/
http://www.gnucitizen.org/blog/hijacking-openid-enabled-accounts/
http://www.techafina.com/posts/openid-benefits-and-risks/
http://kuza55.blogspot.com/2007/01/insecure-openid-features.html
... is there still a risk if we restrict the allowed OpenID providers to the main WineHQ one?
Not as big a risk. However Yahoo's usability studies make me worry that it would be cumbersome. It's a big, fluffy, ill-designed web API, and that kind of thing usually makes me want to run away screaming.

- Dan