WebApp Sec mailing list archives
Re: OpenID and the web
From: "Razi Shaban" <razishaban () gmail com>
Date: Thu, 27 Mar 2008 13:47:29 +0200
On 3/27/08, Babu.N <babun () intoto com> wrote:
Yes, it is difficult to configure it for supporting sites. But it does save us from registering at multiple webistes & remembering the passwords of each of them.
It also makes it that much simpler for a malicious user to gain access to every account you have after getting the password for only one. If you use a different account name and password at every single website, then if one account is compromised then all your other accounts are safe. -- Razi ------------------------------------------------------------------------- Sponsored by: Watchfire Methodologies & Tools for Web Application Security Assessment With the rapid rise in the number and types of security threats, web application security assessments should be considered a crucial phase in the development of any web application. What methodology should be followed? What tools can accelerate the assessment process? Download this Whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=70170000000940F -------------------------------------------------------------------------
Current thread:
- OpenID and the web Steven Rakick (Mar 25)
- Re: OpenID and the web David Wall (Mar 25)
- Message not available
- Re: OpenID and the web David Wall (Mar 25)
- Message not available
- Re: OpenID and the web David Wall (Mar 25)
- Re: OpenID and the web Adrian Migraso (Mar 25)
- Re: OpenID and the web Eric Marden (Mar 26)
- Re: OpenID and the web Babu.N (Mar 26)
- Re: OpenID and the web Razi Shaban (Mar 27)
- Re: OpenID and the web Jeff Robertson (Mar 27)
- RE: OpenID and the web Calderon, Juan Carlos (GE, Corporate, consultant) (Mar 27)
- Re: OpenID and the web Lucas Oman (Mar 27)
- Re: OpenID and the web Razi Shaban (Mar 27)
- Re: OpenID and the web Babu.N (Mar 26)
- Re: OpenID and the web David Wall (Mar 27)
- Re: OpenID and the web Jeremiah Cornelius (Mar 27)
- RE: OpenID and the web Chris Grove (Mar 28)
- <Possible follow-ups>
- Re: OpenID and the web Pete Jansson (Mar 27)
- Re: OpenID and the web baldr (Mar 27)