[英]Are OpenID Identity URLs sensitive information?
Are OpenID Identity URLs considered sensitive information? OpenID身份URL是否被视为敏感信息? For example, is it safe to store plain text OpenID Identity URLs in a DB or whatnot? 例如,将纯文本OpenID身份URL存储在数据库中是否安全?
I can't think of any reason that you shouldn't... but damn am I good at being wrong sometimes! 我想不出你不应该这样做的任何理由......但是我该擅长做错了!
In my opinion, it should be considered secret. 在我看来,它应该被视为秘密。 It's safe to store in DB's as plain text, but I wouldn't go around displaying people's OpenID's for anyone to view. 将数据库存储为纯文本是安全的,但我不会随意显示人们的OpenID以供任何人查看。 There are numerous reasons, some being: 原因很多,有些是:
It's not critical that it remains private, however, hence the extra effort to hash (and salt/etc) it is not really neccessary. 然而,它保持私有并不重要,因此哈希(和盐/等)的额外努力并非真正必要。 It just creates another place to maintain a bit of complexity, and an area that could go wrong. 它只是创造了另一个地方来保持一点复杂性,以及一个可能出错的区域。 That said, if I saw it done, I wouldn't really be upset about it. 也就是说,如果我看到它完成了,我真的不会为此感到沮丧。
Certainly, I think it is wrong to consider an OpenID as a public bit of information. 当然,我认为将OpenID视为公共信息是错误的。
The OpenID is, basically, the User Name portion of a login. OpenID基本上是登录的用户名部分。 You don't need to treat it with any more security that you would any other UserID. 您不需要使用任何其他UserID的安全性来处理它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.