SourceForge Uses Zend Framework to Implement OpenID
Good news “SourceForge”:http://sourceforge.net junkies, the forge now supports OpenID! Better yet, they support it thanks to the “Zend Framework”:http://framework.zend.com “OpenID”:http://framework.zend.com/manual/en/zend.openid.html component. Here’s the press release they published last week.
bq. I’m happy to announce we’re launching support for “OpenID”:http://openid.net/ !
OpenID is getting tremendous traction and we’re happy to be jumping into it. It’s bringing us back in touch with fresh web (2.0) technology. As a decentralized open-source standard, it’s a perfect fit for us – it allows us to streamline more user interaction and participation with our site, and hopefully more for the whole OSS community.
We’ve spent the past couple weeks on it – integrating the “Zend Framework”:http://framework.zend.com/ OpenID component into our site code. We like the framework as a whole and I personally hope to use more of it in the future. We’ve been happy to participate, as a company, in the ZF project and have already submitted reports of, and patches for, some OpenID issues and enhancements.
While I’m giving shout-outs, I have to thank the “SF staff”:http://alexandria.wiki.sourceforge.net/Support+Guide#staff who worked on it – especially Paul Huff, Patrick Mee, John Hoffmann, Adam Voigt, Kathi Hutchings, and Wes Moran for tolerating my squawking while they did the productive work over the last few weeks. And Lisa and Ross have really helped me get out of my shell to tell the community about it.
We’re really hoping OpenID is good for our users, and we’re eager to have everyone try it out and give us feedback – both good and bad – here in our community forums, or out in the blogosphere, or wherever. So, go “log in”:http://sourceforge.net/account/login.php with your OpenID already! And learn more about our implementation on our “OpenID site doc page”:http://alexandria.wiki.sourceforge.net/OpenID.
p. Make sure you drop by and set up your OpenID. If you are running into problems (i.e. Yahoo OpenID reimplementation), visit the “OpenID site doc page”:http://alexandria.wiki.sourceforge.net/OpenID and scroll down to the FAQ section.


5 comments to “SourceForge Uses Zend Framework to Implement OpenID”
May 14th, 2008 at 8:42 am
The Sourceforge.Net login page is vulnerable to XSS attacks… It seems they copied the flawed code from http://framework.zend.com/manual/en/zend.openid.provider.html#zend.openid.provider.start (Example 29.13) which uses $_GET['openid.identity'].
And now the ZF issue tracker wants me to sign up before I can report that problem…
May 14th, 2008 at 8:45 am
Feel free to delete the previous comment
May 16th, 2008 at 8:29 am
Thank you for catching this issue. I’ve fixed all OpenId examples (in SVN) to avoid XSS vulnerabilities.
May 16th, 2008 at 6:13 pm
Can you give the specific flow for the vulnerability? I tried a couple <script> variations in the openid box and didn’t get it to work. Please submit to our tracker:
http://sourceforge.net/tracker/?group_id=1&atid=200001
Thanks.
-L
May 19th, 2008 at 5:48 pm
I was too fast posting my original comment, because I couldn’t immediately find an XSS problem either on the login page of sf.net (= why I posted the 2nd comment that my post was viable for deletion…)