I'm writing a web application that allows anyone to register (using their OpenID). When a user registers, their OpenID is saved in a MySQL database.
My question is: In which format should I be storing a user's OpenID value?
If someone were to gain access to my database (I'm planning for the worst-case scenario) - would it be an issue that the user's OpenID can be viewed unencrypted? Should I be encrypting it when it goes into storage?
There is no real benefit in protecting their OpenID: that's the whole point of it!
OpenID is made so that the "secure info" is not available at the intermediary sites where you use it - the only secure info is held at the OpenID Provider (the site where you actually enter your password).
A compromised database on your site means that the attacker will know who your users are, but nothing more, nothing less.