Julian Hall wrote:
>
> I would hope that the OpenID developers have been sensible enough to
> have one of those graphical 'type what you see above to prove you're
> human' verification pages to prevent hackers using bots to create bulk
> OpenIDs. Failing that, prevent IDs being created too often from the
> same IP address/machine e.g. stop them registering new IDs more than
> once every 5 minutes. That way 10,000 OpenIDs (for example) would take
> 34.72 days - I doubt any hacker is that patient.

Doesn't work that way, it is distributed, the spammers can just create their own OpenID provider, and set their own rules for account creation.

This is what I mean by a lack of trust. You could of course decide not to trust an OpenID provider, but they would just create another, and another....

It is to prove identity, not stop spam or other abuses. This is similar to the SPF issue, which stops forgery of email "from" domain, but doesn't stop spammers using their own domains.
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html