Is it safe to publish my OpenID?

6

0

I currently have one OpenID that I use from a provider; it's something like:

http://www.example.com/miffthefox/

However, I want to be able to type the address of my personal website instead of the OpenID, yet still be able to use example.com as the OpenID provider. It seems I can do this via OpenID delegation: by adding the right meta tags to my personal home page, I can redirect it to my OpenID provider.

However, since my personal home page is public, I'm worried about other users visiting my site and grabbing my OpenID. Is this something I should be worried about?

MiffTheFox

Posted 2009-10-05T20:11:33.617

Reputation: 3 032

2

It gives people just one more piece of the puzzle to hack you. I wouldn't: http://www.codinghorror.com/blog/archives/001262.html

– hyperslug – 2009-10-05T20:16:42.403

1 @hyperslug, you wouldn't? But you advertise your email in your profile. It can be hacked the same way. – John T – 2009-10-06T00:05:06.610

1 @John, it depends on what's being protected by that OpenID. One's bank might be protected by SSL, yet it's unwise to post your login id + bank. – hyperslug – 2009-10-06T09:04:35.673

Someone can grab your OpenID details if they got access to your email. – John T – 2009-10-06T10:40:13.017

1 @John, that's true, so I also wouldn't advocate exposing an email address connected to your OpenID, which the one in my profile isn't. – hyperslug – 2009-10-06T16:42:39.087

Answers

6

Just ensure your OpenID has a secure password. It's as secure as anything else over https that's password protected.

John T

Posted 2009-10-05T20:11:33.617

Reputation: 149 037

3

Someone looking at the code of your site could then figure out that MiffTheFox uses that OpenID server. So what? You tell every web site you log into that anyway. The actual OpenID verification, as John T. says, is protected by SSL.

CarlF

Posted 2009-10-05T20:11:33.617

Reputation: 8 576

3 Exactly. Everyone advertises their email all over the web, it's only protected by a password as well. – John T – 2009-10-05T21:40:34.483
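
An added example, not part of the original thread: a small audit of a delegating home page that lists exactly what a visitor can read from it (the provider endpoint and the delegated identifier, no credential) and flags any delegation URL that is not HTTPS. The `<link rel>` names are those defined for HTML discovery in OpenID 1.1 and 2.0; the sample page, the `/openid/server` endpoint path and the function names are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# rel values defined for HTML-based discovery in OpenID 1.1 and 2.0
PROVIDER_RELS = {"openid.server", "openid2.provider"}
IDENTITY_RELS = {"openid.delegate", "openid2.local_id"}

class DelegationParser(HTMLParser):
    """Collects OpenID <link> elements, honouring only those inside <head>."""
    def __init__(self):
        super().__init__()
        self.in_head = False
        self.links = {}  # rel -> href; keeping the first one is a choice made here

    def handle_starttag(self, tag, attrs):
        if tag == "head":
            self.in_head = True
        elif tag == "body":
            self.in_head = False  # tolerate a missing </head>
        elif tag == "link" and self.in_head:
            attrs = dict(attrs)
            href = attrs.get("href")
            for rel in (attrs.get("rel") or "").lower().split():
                if href and rel in PROVIDER_RELS | IDENTITY_RELS:
                    self.links.setdefault(rel, href)

    def handle_endtag(self, tag):
        if tag == "head":
            self.in_head = False

def audit_delegation(html):
    """Return what a visitor learns from the page, plus non-HTTPS hrefs."""
    parser = DelegationParser()
    parser.feed(html)
    links = parser.links
    return {
        "providers": {h for r, h in links.items() if r in PROVIDER_RELS},
        "identifiers": {h for r, h in links.items() if r in IDENTITY_RELS},
        "not_https": sorted({h for h in links.values()
                             if urlsplit(h).scheme != "https"}),
    }

# Constructed sample page; the <link> placed in <body> must be ignored.
SAMPLE_PAGE = """<html><head><title>Personal home page</title>
<link rel="openid2.provider openid.server" href="https://www.example.com/openid/server">
<link rel="openid2.local_id openid.delegate" href="http://www.example.com/miffthefox/">
</head><body><p>Hello.</p>
<link rel="openid.server" href="https://elsewhere.invalid/server">
</body></html>"""

if __name__ == "__main__":
    print(audit_delegation(SAMPLE_PAGE))
```
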