Chit-Chat

Security Issue? OpenID

Permalink November 16, 2010 at 5:15 AM

Hi

when I select "Registration is enabled, but must be manually approved." and have enabled "Enable OpenID", Concrete5 seems to allow anyone with an OpenID to login to my site.

I want to manually approve EVERYONE. How do I set OpenID to 'Deactivated' by default?

I'm using 5.4.0.5 by the way

Cheers
Russell

pktsolutions replied on Jan 28, 2011 at 2:26 pm Permalink Reply

I have noticed the same thing, I have made a patch to update 5.4.1.1 so that it supports OpenID 2.0 and also corrects this problem. Please see Bug tracker.

utomo replied on Jan 24, 2012 at 4:03 am Permalink Reply

How about latest version Concrete5 5.5.1
is this solved ?

Thanks