Beta version 0.6 of SimpleID, a simple, personal OpenID provider written in PHP, has been released.
Upgrading to version 0.6 is strongly recommended. To download, go to SourceForge.
What's new in SimpleID 0.6
More secure. SimpleID 0.6 contains a number of security enhancements. These include:
Digest authentication. Previous versions of SimpleID sends your password as plain text to the server. A new authentication process has been implemented so that your password is never sent as plain text. Note that this may require some changes to your configuration options. See Installing and upgrading below.
Protection against automated attacks. Form handling code has been enhanced to prevent automated attacks.
More convenient. SimpleID version 0.6 new has the ability to remember your login.
Installing and Upgrading
SimpleID version 0.6 introduced a new log in system. The new system allows you to log in to SimpleID without sending your password in plain text. Your password is used to create a cryptographic digest, which is then sent to the SimpleID server and verified.
As a result, you need to be aware of two things:
By default, SimpleID version 0.6 will not accept logins under the legacy system. You can override this by putting the following line in your config.inc:
Some users continue to report authentication issues when using SimpleID. These are being investigated.