PerlMonks  

Flippantly calling people "haters" because they see legitimate flaws in something you like is as offensive and juvenile as calling people "fanbois" because they see legitimate benefits in something you dislike.

The difference between OpenID and independent authentication is that if PM was compromised as an independent site, just PM is affected. If it was compromised as an OpenID provider, then everyone who accepts its authentication information is affected until the situation is noticed.

It makes OpenID providers sweet targets not just for what their sites offer on-site, but for who trusts their credentials. The consumer as the real target of an attack will not just have their own software and network as attack vectors, but all the software and all the networks of every site they trust. When the weakest one falls, there are people with illegitimate access to the real target even if their security was otherwise flawless.

I'll use your example of Governor Palin's weak password which was guessed by the son of a political rival. We can either have the Governor's personal email compromised and stop at that, or we can have some punk kid posting all over the Internet as the Governor of Alaska for a couple of days before people realize what is happening. I certainly know which I prefer.

It's bad enough that by having all of Yahoo under one login structure he could have impersonated her rather than exposing her email messages. This kid could have signed her up for personal ads and joined potentially objectionable discussion groups. He could have participated in sexually charged chat as her in the chat rooms and used Yahoo messenger to start flirting with state interns. Then, instead of showing that her account was compromised, he could have just announced what the account had done and who the account holder was. That could have been a much bigger political scandal than what came to pass.


In reply to Re^2: PerlMonks OpenID provider? by mr_mischief
in thread PerlMonks OpenID provider? by friedo
