Filed under: Internet, Security, Web services, Open Source
phpMyID: roll your own OpenID provider
With more and more web sites and services offering OpenID for authentication, you may want to use your own domain name as an OpenID provider instead of selecting from the wide array of other providers (like Blogger, AOL, Wordpress.com). phpMyID is a pair of PHP files that allow you to easily use your domain name for authentication to OpenID-supporting sites like Sourceforge, Skitch, and Technorati.
To use phpMyID (substitute "yourwebsite" with your domain name or website address):
- Download the archive from the phpMyID website
- Upload the files to your web server (I chose to put them in an "openid" subfolder)
- Visit http://yourwebsite/MyID.config.php
- Make a note of your PHP realm
- Pick a username and password for phpMyID (remember, with OpenID you authenticate to your provider, and then OpenID sites trust your provider to permit/reject authentication)
- Create an MD5 hash of your username, password, and PHP realm. Mac and Linux users can just use OpenSSL (
echo -n 'username:realm:password' | openssl md5). Windows users will need an MD5 utility - Edit your MyID.config.php by entering your chosen username for "auth_username" and the MD5 result from step 6 for the value of "auth_password"
- Reupload the MyID.config.php file to your web server
- Visit http://yourwebsite/MyID.config.php and login with your phpMyID username and password to make sure everything is working correctly
- Place the following HTML tags in the index document for your web site
<link rel="openid.server" href="http://yourwebsite/MyID.config.php"> <link rel="openid.delegate" href="http://yourwebsite/MyID.config.php">You will now be able to use your domain name or website as your OpenID URL when logging in to OpenID sites. phpMyID is open source, requires PHP, and, yes, it does support the OpenID Simple Registration Extension (SREG) for providing default information to OpenID websites.
So, just how good at time waster games are you? Think you've got the stuff? Well, The World's Hardest Game 2.0 doesn't think you do.
Yes, amazingly, it's possible to have a sequel to a game called "The World's Hardest Game". It doesn't seem logically possible, since if the first one was actually the world's hardest, how could another one come along and share the moniker? It made me doubt the name in the first place. That is, until I tried the game.
The mechanics of the game are very simple. You are a small red square, ...
Reader Comments (Page 1 of 1)
Abscissa said 3:51PM on 2-21-2009
As if OpenID needed more support...
http://marcoslot.net/apps/openid/
(Not that PHP itself is known for security either.)
Reply
lars said 5:52PM on 2-22-2009
@Abscissa: It's been a long time since there were any serious security issues with PHP. It's the PHP-programmers that make insecure code ;)
Reply
Abscissa said 7:29PM on 3-02-2009
The problem is, PHP makes it far too easy to write insecure code. That's not something that's ever going to get fixed in PHP.
lars said 7:39PM on 3-02-2009
Well, you can write insecure code in whatever language you want. Again, it's up to the programmer ;) PHP has the tools that makes it easy to write secure code too.
It's like saying that C makes it far too easy to write code that leaks memory.
And how is it not going to get fixed? Use patterns, frameworks etc. Use a hardened PHP. It's pretty easy to make secure code.
Stephen said 6:41AM on 2-23-2009
(Warning: blatant plug!)
If you want something that allows you to manage multiple IDs on a single server, or just a basic GUI wrapper for hosting your own OpenID, then some people might prefer Clamshell:
http://wiki.guruj.net/Clamshell!Home
Reply
Greg Rolan said 5:15PM on 2-25-2009
(Another blatant plug!)
Or else use Glynx - an OpenID solution that works p2p from your PC without passwords - so no server stores your userid/passwords anywhere.
Reply