NYPHP.org

[nycphp-talk] OpenID is what?

mikesz at qualityadvantages.com mikesz at qualityadvantages.com
Wed Oct 29 22:15:06 EDT 2008


Hello NYPHP,

Having been recently hacked and several of my webmaster email account
names being hijacked by spammers, I am looking for viable solutions to
safeguard my websites and the membership of these sites.

I just ran across some discussion about openID (yes, I have been in a
cave now for some time, lol) and am skeptical that the primary motivation
is altruistic like when g$$gle first came on the scene, it too "looked like"
a good thing for the planet but evolved into the world's biggest $$$ machine
that is likely, if not already, to make micro$ look like chump change.

I sense rather that OpenID is yet another marketing ploy to rake in
huge piles of cash rather than provide warmth and security that it
touts in its hype. Already, I see lots of RED FLAGS about being highly
susceptible to phishing, like what isn't these days.

All of my websites run php forum and CMS software of varying flavors
so I am not convinced that OpenID is a viable solution to secure them
against the kinds of attacks I have seen recently and wonder about the
integrity of a system that claims (from phpMyID):

    * The whole point of OpenID is to allow you to manage your own identity, and phpMyID lets you do that without giving control to a third party.
    * It's easy to install and easy to configure. Edit just a few lines in your config file, and you're off and running!
    * Allows "Smart Mode OpenID" (more secure) transactions, even if you don't have a "big math" library available. Seriously, phpMyID comes with a pure-PHP math library which can be used if you want to demand that extra level of security.
    * Ensures secure password transmission even if you don't have SSL! By using HTTP Digest authentication, phpMyID ensures your password is never sent or stored anywhere in clear or decipherable text.

I would really appreciate an eye opener on this one. It looks like
more flim flam to me.

-- 
Best regards,
 mikesz                          mailto:mikesz at qualityadvantages.com
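
The HTTP Digest claim quoted in the message can be checked against the mechanism itself. The following is an added example, not code from phpMyID or from the original post: it computes and verifies an RFC 2617 Digest response (qop=auth) using the sample values from the RFC's own worked example; the function names are hypothetical.

```php
<?php
// Added example (not phpMyID code): RFC 2617 Digest authentication, qop=auth.
// All sample values are the worked example from RFC 2617, section 3.5.

// HA1 is what the server stores instead of the password. It is derived from
// the password, so anyone who can read it can answer challenges for this realm.
function digest_ha1(string $user, string $realm, string $password): string {
    return md5("$user:$realm:$password");
}

// The value the browser sends in the response= field of the Authorization
// header. The password itself never appears on the wire.
function digest_response(string $ha1, string $method, string $uri,
                         string $nonce, string $nc, string $cnonce): string {
    $ha2 = md5("$method:$uri");
    return md5("$ha1:$nonce:$nc:$cnonce:auth:$ha2");
}

// Server side: recompute from the stored HA1 and compare in constant time.
// A real server must also confirm that it issued the nonce and that nc only
// increases; otherwise a captured header can be replayed.
function digest_verify(string $storedHa1, string $method, array $hdr): bool {
    $expected = digest_response($storedHa1, $method, $hdr['uri'],
                                $hdr['nonce'], $hdr['nc'], $hdr['cnonce']);
    return hash_equals($expected, $hdr['response']);
}

$stored = digest_ha1('Mufasa', 'testrealm@host.com', 'Circle Of Life');

// Parsed fields of the Authorization header from the RFC example.
$hdr = [
    'uri'      => '/dir/index.html',
    'nonce'    => 'dcd98b7102dd2f0e8b11d0f600bfb0c093',
    'nc'       => '00000001',
    'cnonce'   => '0a4f113b',
    'response' => '6629fae49393a05397450978507c4ef1',
];

// 1. The RFC's sample header checked against the correct stored HA1.
var_dump(digest_verify($stored, 'GET', $hdr));
// 2. The same header presented with a different method: the response is
//    bound to method and URI, so it does not carry over.
var_dump(digest_verify($stored, 'POST', $hdr));
// 3. The same header checked against an HA1 built from a wrong password.
$wrong = digest_ha1('Mufasa', 'testrealm@host.com', 'not the password');
var_dump(digest_verify($wrong, 'GET', $hdr));
```

Digest protects only the password exchange. Without SSL, the pages served and the OpenID messages that follow a successful login still travel unencrypted.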




More information about the talk mailing list