I’m writing a web application that allows anyone to register (using their OpenID). When a user registers, their OpenID is saved in a MySQL database.
My question is: In which format should I be storing a user’s OpenID value?
If someone were to gain access to my database (I’m planning for the worst-case scenario) – would it be an issue that the user’s OpenID can be viewed unencrypted? Should I be encrypting it when it goes into storage?
There is no real benefit in protecting their OpenID: that’s the whole point of it!
OpenID is made so that the “secure info” is not available at the intermediary sites where you use it – the only secure info is held at the OpenID Provider (the site where you actually enter your password).
A compromised database on your site means that the attacker will know who your users are, but nothing more, nothing less.