对您的网站使用OpenID有哪些危险? [英] What are the dangers of using OpenID for your website?

问题描述

比方说，我创建了一个类似于StackOverFlow的网站，并决定使用OpenID.是什么防止我或其他任何人仿冒该ID?也就是说，您如何才能真正知道任何网站都在使用OpenID而不假装呢?以及如何保护自己免受这种侵害?

Let's say I create a website like StackOverFlow and decide to use OpenID. What's to prevent me, or anyone else for that matter, from phishing the ID's? That is, how can you truly know that any website is using OpenID and not pretending to? And how do you protect myself against this?

对此进行扩展，比如说一个站点确实危害了您的openID凭据，难道他们不能在其他每个使用openID(全局密码黑客)的站点上使用它吗?那么，您的openID的安全性是否会仅与最弱的网站/提供者一样强大?

Expanding on this, let's say one site did compromise your openID credentials, couldn't they use it on every other site using openID (a global password hack)? Wouldn't then the security of your openID then only be as strong as the weakest website/provider?

推荐答案

您输入的只是ID，没有密码.该ID是公开的，因此网络钓鱼"不是安全漏洞.一些提供商甚至为所有用户使用相同的ID，例如，一个Google帐户的ID始终为https://www.google.com/accounts/o8/id.有关详细说明，请参见维基百科文章.

All you enter is the ID, no password. The ID is public, therefore "phishing" it is not a security hole. Some providers even use the same ID for all users, for instance the ID for a google account is always https://www.google.com/accounts/o8/id. See the Wikipedia article for a more detailed explanation.

这篇关于对您的网站使用OpenID有哪些危险?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！