
Forum Replies Created


  • philipashlock


    The first MAJOR flaw I see in this design is that all it takes is one website to put up password stealing/sniffing code, and now you’ve given your Twitter password to anyone with access to the site’s malicious intentions.

    OpenID and OAuth were designed very much to prevent the spreading or co-opting of passwords. Until recently many services like Twitter let other services accept their user passwords, but now OAuth routes authorization requests to the appropriate authority.

    The second MAJOR flaw I see from a developer’s standpoint is that you as a site administrator no longer have control over the user data that is using your website.

    I don’t really follow this, but I also don’t think he’s describing the situation very accurately.

    I don’t plan on using Facebook for the rest of my life, so when I delete my account in a few years, that means I can no longer use your site without creating a new profile.

    This is no different than, “what if I cancel my email account”

    The nice thing about OpenID is that most good implementations will allow multiple ways of accessing the account (either multiple OpenIDs or the option of logging in with the native account username/email)

    Also, if I’m logged into Facebook on my computer, and close Facebook, and then my girlfriend walks over

    This isn’t unique to single sign-on services. Any time you fail to log out of an account and give access to someone else, your account can be compromised.
