Is lightopenID safe to use in a project you intend to publish, since the current version is 0.4?

jonnnnnnnnnie
    Version numbers say little about maturity and security. Did you look at the code? Did you find anything of concern? – mario Apr 10 '11 at 22:44

1 Answer

You might want to ask this question on security.stackexchange.com.

It is very difficult to say whether software is "safe to use". I am sure that lightOpenID isn't malware, as I took a look at the source code and I use it in some of my projects.

I don't know how many people are actually using it in a project, but it is starred by 55 users. This might be an indicator that there are no obvious bugs which could be exploited.

The project version doesn't mean anything as far as I know. It is officially hosted at GitHub. I am not quite sure, but I think the project owner doesn't even use version numbers on GitHub.

Even if lightOpenID is safe, you will have to implement some code on your own (e.g. the database part). This might bring some security holes into the system. As lightOpenID is very lightweight, I guess there can't be many security holes. But this is a very optimistic point of view without having checked the code for exploits or bugs.

If you need a secure OpenID solution, I'd suggest Janrain. Google recommended them as a secure solution for OpenID. But this way you will give the data of your users away, and it's possible that you have to pay for it.

Martin Thoma