[wp-hackers] Should OpenID be in WP core?
ag.ml2007 at zirona.com
Thu Mar 8 14:17:20 GMT 2007
On Thu, 2007-03-08 at 09:04 -0500, Elias Torres wrote:
> For example, on comments, the first time someone posts with a OpenID
> identity it goes in the moderated queue. If you approve it, then we
> could say that you've allowed her access for future posts and these will
> no longer get placed in the moderated queue.
As I said in my first message, I haven't used OpenID so far, but have
read a bit about it.
However, especially with the comments, this gives me the following
question: Let's assume I'm a spammer. I would go to your form and just
enter *some* URL which I assume could be involved via OpenID. I could
increase my success rate by checking which other URLs have already
commented on this article or blog.
By the way, wouldn't this try'n'error method just work with any OpenID
based authentication? Or is there a major point I'm missing?
Alex Günsche, Zirona OpenSource-Consulting
work: http://www.zirona.com/ | leisure: http://www.roggenrohl.net
PubKey for this address: http://www.zirona.com/misc/ag.ml2007.asc
More information about the wp-hackers