SimpleID

Version 0.8.4 of SimpleID, a simple, personal OpenID provider written in PHP, has been released. Upgrading to version 0.8.4 is strongly recommended. To download, go to the download page. Please note that while the software may work, it may also ... [More] have gaping security holes and other nasty bugs. Use at your own risk. What’s new in SimpleID 0.8.4 The version mainly targets bug fixes. Enhanced compatibility with Suhosin Fixes to the PEAR package User interface improvements, with fixes to links to the SimpleID web site. For further details on the enhancements, please see the milestone page for this release. Installing and Upgrading If you are upgrading from an earlier version of SimpleID, please read: the general upgrade instructions on this web site; and UPGRADE.txt included in the distribution for upgrade instructions. Known Issues Please note that while the software may work, it may also have gaping security holes and other nasty bugs. Use at your own risk. Support SimpleID If you enjoy using SimpleID, please consider making a donation to support the ongoing development work. To find out more on how to donate, visit the donation page. Your donation is very much appreciated. [Less]

Version 0.8.4 of SimpleID, a simple, personal OpenID provider written in PHP, has been released. Upgrading to version 0.8.4 is strongly recommended. To download, go to the download page. Please note that while the software may work, it may also ... [More] have gaping security holes and other nasty bugs. Use at your own risk. What’s new in SimpleID 0.8.4 The version mainly targets bug fixes. Enhanced compatibility with Suhosin Fixes to the PEAR package User interface improvements, with fixes to links to the SimpleID web site. For further details on the enhancements, please see the milestone page for this release. Installing and Upgrading If you are upgrading from an earlier version of SimpleID, please read: the general upgrade instructions on this web site; and UPGRADE.txt included in the distribution for upgrade instructions. Known Issues Please note that while the software may work, it may also have gaping security holes and other nasty bugs. Use at your own risk. Support SimpleID If you enjoy using SimpleID, please consider making a donation to support the ongoing development work. To find out more on how to donate, visit the donation page. Your donation is very much appreciated. [Less]

One of the current features of SimpleID is the ability for you to log in securely without using a HTTPS connection. It does so by sending a digest of your password (generated using Javascript on your browser) to SimpleID instead of the ... [More] password itself. This feature was created at a time when SSL certificates and servers supporting HTTPS connections are not widely available, or relatively expensive. However, since that time, both SSL certificates and web hosting services have become very cheap. One of the limitations of the digest feature is that passwords have to be stored as simple MD5 hashes in your identity file. More secure hashing algorithms and techniques (e.g. salts) are not supported. Given the increasing sophistication of security attacks, the next major release of SimpleID will require connections using HTTPS. This means your web server will need to be able to support these connections, and you may need to obtain an SSL certificate. read more [Less]

Download SimpleID 0.8.4 Version 0.8.4 of SimpleID, a simple, personal OpenID provider written in PHP, has been released. Upgrading to version 0.8.4 is strongly recommended. To download, go to ... [More] the download page. Please note that while the software may work, it may also have gaping security holes and other nasty bugs. Use at your own risk. read more [Less]

One of the current features of SimpleID is the ability for you to log in securely without using a HTTPS connection. It does so by sending a digest of your password (generated using Javascript on your browser) to SimpleID instead of the password ... [More] itself. This feature was created at a time when SSL certificates and servers supporting HTTPS connections are not widely available, or relatively expensive. However, since that time, both SSL certificates and web hosting services have become very cheap. One of the limitations of the digest feature is that passwords have to be stored as simple MD5 hashes in your identity file. More secure hashing algorithms and techniques (e.g. salts) are not supported. Given the increasing sophistication of security attacks, the next major release of SimpleID will require connections using HTTPS. This means your web server will need to be able to support these connections, and you may need to obtain an SSL certificate. The roadmap for SimpleID will then be like this: The current branch (0.8) is becoming stable, and will eventually end up as version 1.0 All new features will be done on the next major release, version 2.0, and will require HTTPS connections. I have created a survey to get a feel on the potential impact of this proposal on users. It would be great if you could provide your feedback using this form. The proposal will be refined based on your feedback. [Less]

One of the current features of SimpleID is the ability for you to log in securely without using a HTTPS connection. It does so by sending a digest of your password (generated using Javascript on your browser) to SimpleID instead of the password ... [More] itself. This feature was created at a time when SSL certificates and servers supporting HTTPS connections are not widely available, or relatively expensive. However, since that time, both SSL certificates and web hosting services have become very cheap. One of the limitations of the digest feature is that passwords have to be stored as simple MD5 hashes in your identity file. More secure hashing algorithms and techniques (e.g. salts) are not supported. Given the increasing sophistication of security attacks, the next major release of SimpleID will require connections using HTTPS. This means your web server will need to be able to support these connections, and you may need to obtain an SSL certificate. The roadmap for SimpleID will then be like this: The current branch (0.8) is becoming stable, and will eventually end up as version 1.0 All new features will be done on the next major release, version 2.0, and will require HTTPS connections. I have created a survey to get a feel on the potential impact of this proposal on users. It would be great if you could provide your feedback using this form. The proposal will be refined based on your feedback. [Less]

Version 0.8.3 of SimpleID, a simple, personal OpenID provider written in PHP, has been released. Upgrading to version 0.8.3 is strongly recommended. To download, go to the download page. Please note that while the software may work, it may also ... [More] have gaping security holes and other nasty bugs. Use at your own risk. What’s new in SimpleID 0.8.3 The version mainly targets bug fixes. Enhanced compliance with OpenID specifications, with fixes to XRDS discovery for compatibility with Blogger. For further details on the enhancements, please see the milestone page for this release. Installing and Upgrading If you are upgrading from an earlier version of SimpleID, please read: the general upgrade instructions on this web site; and UPGRADE.txt included in the distribution for upgrade instructions. Known Issues Please note that while the software may work, it may also have gaping security holes and other nasty bugs. Use at your own risk. SimpleID continues to enhance its compliance against the OpenID specification. This means that SimpleID will report more warnings on web sites which does not fully implement the OpenID specification. In particular, expect to see many more return_to discovery failure warnings. Support SimpleID If you enjoy using SimpleID, please consider making a donation to support the ongoing development work. To find out more on how to donate, visit the donation page. Your donation is very much appreciated. [Less]

Download SimpleID 0.8.3 Version 0.8.3 of SimpleID, a simple, personal OpenID provider written in PHP, has been released. Upgrading to version 0.8.3 is strongly recommended. To download, go to ... [More] the download page. Please note that while the software may work, it may also have gaping security holes and other nasty bugs. Use at your own risk. read more [Less]

Version 0.8.2 of SimpleID, a simple, personal OpenID provider written in PHP, has been released. Upgrading to version 0.8.2 is strongly recommended. To download, go to the download page. Please note that while the software may work, it may also ... [More] have gaping security holes and other nasty bugs. Use at your own risk. What’s new in SimpleID 0.8.2 The version mainly targets bug fixes and minor feature improvements. User interface enhancements, with enhancements to detect missing PHP extensions. For further details on the enhancements, please see the milestone page for this release. Installing and Upgrading If you are upgrading from an earlier version of SimpleID, please read: the general upgrade instructions on this web site; and UPGRADE.txt included in the distribution for upgrade instructions. Known Issues Please note that while the software may work, it may also have gaping security holes and other nasty bugs. Use at your own risk. A known issue exists when attempting to log into Blogger using SimpleID. A patch is available for www/html/template.xtpl which will fix this issue. This patch will be included in the next release. For further information, please see here. SimpleID continues to enhance its compliance against the OpenID specification. This means that SimpleID will report more warnings on web sites which does not fully implement the OpenID specification. In particular, expect to see many more return_to discovery failure warnings. Support SimpleID If you enjoy using SimpleID, please consider making a donation to support the ongoing development work. To find out more on how to donate, visit the donation page. Your donation is very much appreciated. [Less]

Download SimpleID 0.8.2 Version 0.8.2 of SimpleID, a simple, personal OpenID provider written in PHP, has been released. Upgrading to version 0.8.2 is strongly recommended. To download, go to ... [More] the download page. Please note that while the software may work, it may also have gaping security holes and other nasty bugs. Use at your own risk. read more [Less]