OpenID Delegation Security

As I explained before, I am now using OpenID Delegation. Thinking about it, as a result of doing the delegation, I'm making my website a single point of failure. Not only for reliability (when my website goes down, I won't be able to log in with my OpenID on any site anymore), but also for security. If someone can hack my website, he can modify the OpenID delegation so that it points to his OpenID, and so he can log in using my account, which delegates to his account with his password.

So hacking into a website of someone using OpenID Delegation can all of a sudden be a lot more interesting. I should really keep my Drupal version up to date...

Side-project thought: It may be interesting to have a service that regularly checks my website to see if it still points to the OpenID provider I've configured, and not to someone else's. It could notify me whenever my site's been hacked. Maybe doing this for people running a Drupal site is part of a service Acquia can add to their list?
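
A sketch of the check such a service could run, as an added example that is not part of the original post: it parses a page's `<link>` tags for the OpenID 1.x and 2.0 delegation `rel` values and compares them with the configured ones. The URLs and sample pages are constructed placeholders, and fetching the live page is left out so the example runs offline.

```python
from html.parser import HTMLParser

# rel values that carry OpenID delegation (OpenID 1.x and 2.0)
DELEGATION_RELS = {"openid.server", "openid.delegate",
                   "openid2.provider", "openid2.local_id"}

class DelegationParser(HTMLParser):
    """Collects OpenID delegation <link> tags from an HTML page."""
    def __init__(self):
        super().__init__()
        self.found = {}  # rel -> set of hrefs seen for that rel

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = {k: (v or "") for k, v in attrs}
        # rel may hold several space-separated values on one tag
        for rel in a.get("rel", "").lower().split():
            if rel in DELEGATION_RELS:
                self.found.setdefault(rel, set()).add(a.get("href", "").strip())

def check_delegation(html, expected):
    """Return a list of problems; an empty list means the delegation is unchanged."""
    parser = DelegationParser()
    parser.feed(html)
    problems = []
    for rel, want in expected.items():
        got = parser.found.get(rel, set())
        if not got:
            problems.append(f"{rel}: missing (expected {want})")
        elif got != {want}:  # changed value, or an extra duplicate tag
            problems.append(f"{rel}: found {sorted(got)}, expected {want}")
    # A delegation tag that was never configured is also worth an alert
    for rel in sorted(parser.found.keys() - expected.keys()):
        problems.append(f"{rel}: unexpected tag {sorted(parser.found[rel])}")
    return problems

# Constructed sample input: the configured delegation and two page versions
EXPECTED = {"openid.server": "https://provider.example/server",
            "openid.delegate": "https://me.provider.example/"}
GOOD_PAGE = ('<html><head><link rel="openid.server" href="https://provider.example/server">'
             '<link rel="openid.delegate" href="https://me.provider.example/"></head></html>')
TAMPERED_PAGE = GOOD_PAGE.replace("https://me.provider.example/", "https://other.example/")

if __name__ == "__main__":
    print(check_delegation(GOOD_PAGE, EXPECTED))
    print(check_delegation(TAMPERED_PAGE, EXPECTED))
```

Run from somewhere other than the web server itself, so that a compromise of the site cannot also silence the check.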
