Jump to content

Welcome to DevFuse Forums

Sign In  Log in with Facebook

Create Account
Welcome to DevFuse Forums, like most online communities you must register to view or post in our community, but don't worry this is a simple free process that requires minimal information for you to signup. Be apart of DevFuse Forums by signing in or creating an account.
  • Start new topics and reply to others
  • Subscribe to topics and forums to get email updates
  • Get your own profile page and make new friends
  • Send personal messages to other members.
Guest Message by DevFuse

(View All Products)Featured Products

  • Donations

    Help fund your forum with donations, setup goals and track member donations. Offer rewards for members donating.
  • Timeslips

    Have your members submit their race times and share with others.
  • Videos

    Allows your members to submit their own videos for community viewing. Support is included for all the major video sites.
  • Forms

    Build your own forms for your members without coding experience. Support included for pm, email and topics.
  • Collections

    Build a community database of items for your members. Full features custom fields included.


OpenID Security Update for IP.Board 3.0.2

  • Please log in to reply
No replies to this topic

#1 News Bot

News Bot

    Dedicated Member

  • Members
  • PipPipPipPipPip
  • 1,909 posts
  • IP.Board Version:N/A

Posted 26 August 2009 - 09:07 AM

OpenID Security Update for IP.Board 3.0.2

We are investigating issues related to OpenID not completely authenticating data which can result in the security of your community being compromised. This issue can only impact your community if you have enabled OpenID logins as the OpenID is disabled when IPS ships IP.Board releases.

Protecting Your IP.Board

There are two methods to protect your community.

Method 1: Disable OpenID

The easiest fix is to simply disable OpenID logins. These login systems are disabled by default in IP.Board so unless you have specifically turned on OpenID you are already protected. This screen shot shows you what to look for in your AdminCP:

  • Click "Log In Management" in the AdminCP
  • Look for OpenID in the list. If there is already a red "X" then OpenID is disabled and your community is safe from this issue.
  • If you see a green check: disable OpenID by clicking the drop-down menu to the right, edit details, and set "Log In Enabled" to "No"

If OpenID is disabled and you do not use/need this login method you do not need to do anything further.

Method 2: Upload Source File

If OpenID is in use in your community and you need to keep it enabled simply upload the attached file to your forums directory. The path is included in the zip file and it is just one file.

 260809.zip (5.17K)
: 67

Support services note: as this update is a single-file update or the issue can be eliminated by simply disabling OpenID in the AdminCP we do request that clients apply either the setting or file fix themselves if possible. The 3.0.2 download has been updated as of the time of this announcement.

Source: Click Here

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users