I've noticed that drupal supports a thing called OpenID which i use on certain sites, including mine. Can portableapps.com start supporting this feature? thanks
New: OneLoupe (May 1, 2025), Platform 30.0.2 (Mar 27, 2025)
1,100+ portable packages, 1.2 billion downloads
Ad Free! Please donate today
I've noticed that drupal supports a thing called OpenID which i use on certain sites, including mine. Can portableapps.com start supporting this feature? thanks
I believe only Drupal 6 supports OpenID. When the site is upgraded to Drupal 6, it may of may not be supported. I don't know what John's plan is.
Also, OpenID will have to be for new users, since you can't associate.
(This will also get a prob with nicks.)
Insert original signature here with Greasemonkey Script.
what do u mean for the new users?
drupal 6 allows the users to add open ids to there accounts and log into them threw that
my account on my website is linked up with two id's
Na na na, come on!
OpenID has imho more disadventages then advantages.
Like?
If you talk about security, myOpenID support two-factors authentication. I have my account set-up to accept a phone call on my cellphone when I need to get into myOpenID login, which I have to do once per session or longer if I keep a cookie to extend over multiple sessions.
If I get affected by a keylogger, the attacker still need physical access to my cellphone to gain control of my account, which is unlikely to happen both at the same time.
A clarification to make sure that we are talking about the same thing: I presume taht you are not talking about OpenID delegation or provision (meaning that you could use portableapps.com as your OpenID). Instead, I believe that you are meaning using OpenID authentication.
Drupal 5 (which this site currently runs) supports OpenID authentication through the OpenID module.
Drupal 6 (which John is trying to upgrade to as soon as module support is ready) supports OpenID authentication through the core module OpenID (included by default, just not enabled - see the Core - Optional section of page Administration > Site building > Modules) See the OpenID section of http://drupal.org/drupal-6.0 for more details about it.
By "new users", digitxp means the following, to do with Drupal's handling of OpenIDs:
When you log in with an OpenID, the Drupal site redirects you to that page for authentication. On success, it creates a new account, with the username being not "digitxp", "chrism" or "John T. Haller", but instead, example.provider.com.
As far as I know (and I don't know very far, either version may support it, or both; up here dbdii407 says it does support it) a user such as digitxp cannot associate his account with an OpenID.
jps: I don't think that OpenID has more disadvantages than it has advantages; I just think that it's probably too late for portableapps.com to adopt it now, unless you can do post-registration OpenID associations, in which case, I'm all for it. I might test it sometime soon.
I am a Christian and a developer and moderator here.
“A soft answer turns away wrath, but a harsh word stirs up anger.” – Proverbs 15:1
I'm not really sure I get OpenID. With it, your identity is not a name or even a username, but a domain name.
At least with something like MS Passport (which I believe is defunct now), you get a unique username that people can identify you by. I hardly see what a domain name does to identify you. Especially since most tend to just ignore domains when reading if they're not specifically looking for links.
u enter in the domain given to u or chose by u. and after u click login, your redirected to that domain and asked to verify urself with a username and password. if u verify correctly. all your info is transfered to the site supporting openid so you dont have to type it all in.
Na na na, come on!
Please note that OpenID is delegated by an HTML tag, and does not need to be attached to a domain name. In other words, I could set up an OpenID page at http://chrismorgan.info, or I could set it up so that it was http://chrismorgan.info/user/1, or anything else, with the right Drupal module, or even with some custom code. It can be any URL, not just a domain name.
At least with something like MS Passport (which I believe is defunct now), you get a unique username that people can identify you by. I hardly see what a domain name does to identify you. Especially since most tend to just ignore domains when reading if they're not specifically looking for links.
How is a domain name not unique? I'm quite happy to be identified as Chris Morgan, chrism, http://chrismorgan.info, or anything else (within reason!).
I'll be doing testing on my new domain name, http://chrismorgan.info, soon, but if it does turn out that OpenIDs can be attached to a Drupal account after the creation of it, then that will mean that it can be used by anyone, which I think is good. I'll report back when I'm done.
... while we're at it, if we're trying to be "accessible" to all, why don't we install the Windows Live ID Integration module for Drupal? (You can chose whether you think I'm being sarcastic or not! We probably want to support openness, which Windows Live IDs are not)
I am a Christian and a developer and moderator here.
“A soft answer turns away wrath, but a harsh word stirs up anger.” – Proverbs 15:1
Hi
If you want OpenID on PortableApps go to
http://demand.openid.net/site/portableapps.com
and vote!
OpenID is the second best thing in the internet's history after html
ps.
What's current status of OpenID on PortableApps?
--- Piotr Dobrogost
Yup right up there with HTML-ised email from Microsoft. OpenID is the first best thing for security problems. One signon! Lose it and your open to identity theft, impersonation, and fraud. Don't do it.
Did you even read the thread at all? One user above reported that it supports double-layered security, with the example of associating it with your cellphone so access to the ID requires the attacker to also have your cellphone.
Whether OpenID has these features or not, whether I've read this thread or not is not the issue. Microsoft issued/issues security updates but so few people actually installed them their systems became vulnerable. Users know they must have anti-virus software installed but they don't and their systems likewise became vulnerable. Hence recent press reports that there are bot-nots each comprising 2 million unpatched/unprotected PC. Just because a proposal has all these fancy features does not mean that Joe Soap is going to use them; or even understand that he should be using them. The more complex a soution becomes the less likely end-users are to use them.
And as to the cell phone example it won't work for me. My job regularly takes me into areas where there is no coverage. And my last vacation saw me in Scotland, England with no cell coverage except at the top of the mountains (and that was not a strong signal.)
The most secure system is the one that is not connected to anything.
But a system not connected to anything can also becomes useless.
For more details, go see CallVerifID.