[nycphp-talk] OpenID is what?
mikesz at qualityadvantages.com
mikesz at qualityadvantages.com
Wed Oct 29 22:15:06 EDT 2008
Hello NYPHP,
Having been recently hacked and several of my webmaster email account
names being hijacked by spammers, I am looking for viable solutions to
safeguard my websites and the membership of these sites.
I just ran across some discussion about openID (yes, I have been in a
cave now for some time, lol) and am skeptical that the primary motivation
is altruistic like when g$$gle first came on the scene, it too "looked like"
a good thing for the planet but evolved into the world's biggest $$$ machine
that is likely, if not already, to make micro$ look like chump change.
I sense rather that OpenID is yet another marketing ploy to rake in
huge piles of cash rather than provide warmth and security that it
touts in its hype. Already, I see lots of RED FLAGS about being highly
susceptible to phishing, like what isn't these days.
All of my websites run php forum and CMS software of varying flavors
so I am not convinced that OpenID is a viable solution to secure them
against the kinds of attacks I have see recently and wonder about the
integrity of a system that claims (from phpMyID):
* The whole point of OpenID is to allow you to manage your own identity, and phpMyID lets you do that without giving control to a third party.
* It's easy to install and easy to configure. Edit just a few lines in your config file, and you're off and running!
* Allows "Smart Mode OpenID" (more secure) transactions, even if you don't have a "big math" library available. Seriously, phpMyID comes with a pure-PHP math library which can be used if you want to demand that extra level of security.
* Ensures secure password transmission even if you don't have SSL! By using HTTP Digest authentication, phpMyID ensures your password is never sent or stored anywhere in clear or decypherable text.
I would really appreciate an eye opener on this one. It looks like
more flim flam to me.
--
Best regards,
mikesz mailto:mikesz at qualityadvantages.com
More information about the talk
mailing list