
IndieAuth is super super cool and a vital component to give control of the internet back to users, but I can't shake off the security concerns.

Also, near the end of the article: using a security nightmare such as WordPress as your identity provider, what could go wrong? It only takes one single rogue plugin.



What security concerns specifically?


Someone breaking into a WordPress install due to a plugin's 0-day for example, and then being able to log into all the accounts managed by that WP's OpenID server.



