Home/ Questions/Q 927391
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-15T19:50:47+00:00

Are OpenID Identity URLs considered sensitive information? For example, is it safe to store

  • 0

Are OpenID Identity URLs considered sensitive information? For example, is it safe to store plain text OpenID Identity URLs in a DB or whatnot?

I can’t think of any reason that you shouldn’t… but damn am I good at being wrong sometimes!

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In my opinion, it should be considered secret. It’s safe to store in DB’s as plain text, but I wouldn’t go around displaying people’s OpenID’s for anyone to view. There are numerous reasons, some being:

    • It’s not neccessary
    • It (combined with the password) is the key to a lot of doors; thus it looks quite juicy to an attacker
    • On individual websites you can customise your identity; if the OpenID is public on each of these, it would be possible to gather information about somebody who has tried to maintain independance on various sites

    It’s not critical that it remains private, however, hence the extra effort to hash (and salt/etc) it is not really neccessary. It just creates another place to maintain a bit of complexity, and an area that could go wrong. That said, if I saw it done, I wouldn’t really be upset about it.

    Certainly, I think it is wrong to consider an OpenID as a public bit of information.

    • 0