All geek questions in one place

How to securely store an OpenID user

I am writing a web application that allows you to register (using OpenID). When a user logs in, their OpenID is stored in the MySQL database.

My question is: in what format should I store the user's OpenID value?

If someone needs to access my database (I plan the worst case scenario) - would it be a problem that the OpenID user can be viewed unencrypted? Should I encrypt it when it is sent for storage?

+4
source share
3 answers

There is no real benefit to protecting their public identifier: all of this!

OpenID is created in such a way that "secure information" is not available on intermediate sites where you use it - the only secure information is stored in the OpenID provider (the site on which you really enter your password).

A compromised database on your site means that the attacker finds out who your users are, but no more, no less.

+10
source

This is one of those things that depends on personal taste, but MySQL offers some encryption features that you might want to consider.

http://dev.mysql.com/doc/refman/5.1/en/encryption-functions.html

0
source 
  In which format should I be storing a user OpenID value?

Even if someone has access to the openid stored in your database, this information will be useless for him, since this is only the URL that asks for user authentication information when they are executed.

Therefore, you do not need to worry about it.

Openid providers will take care of this if the entered data is correct or not.

0
source

Source: https://habr.com/ru/post/1299875/

More articles:


All Articles