[development] OpenId open to phishing attacks.

Augustin (Beginner) drupal.beginner at wechange.org
Wed Nov 7 06:58:45 UTC 2007

On Wednesday 07 November 2007 14:28, Derek Wright wrote:
> Phishing is inherently about tricking humans into compromising
> their   own security.  OpenID isn't unique in this regard -- look
> at how well many phishing operations work, regardless of the
> underlying authentication mechanism.

Ok, thanks.
However, it seems to me that the OpenId protocol seems to make 
phishing easier. I agree that there is no perfect solution, but there 
is no need to actually make it easy to con the users.
I followed some of the links, read the discussion:

OpenID: Phishing Heaven

Solving the OpenID phishing problem

I'll look if the later can be implemented for Drupal in a few months 
from now.



More information about the development mailing list