[Opensim-dev] OpenID
Diva Canto
diva at metaverseink.com
Mon Mar 2 22:00:24 UTC 2009
The more I read about OpenID the more concerns I have that it's unsafe
-- not just for OpenSim but in general. It seems that OpenID is a
wonderful opportunity for phishing sites to get access to people's
passwords directly.
The flaw is that it assumes that the initial site is trustworthy. That's
a huge assumption! Try to use your OSGrid OpenID-ed account in a future
version of DNCH... it will direct you to a page that will look like
OSGrid's login page, and then it will steal your password as you type it.
Is this serious?! Maybe I'm missing something fundamental...
<puzzled>
Crista
More information about the Opensim-dev
mailing list