Return-Path: 
 <allura-dev-return-3964-apmail-incubator-allura-dev-archive=incubator.apache.org@incubator.apache.org>
X-Original-To: apmail-incubator-allura-dev-archive@minotaur.apache.org
Delivered-To: apmail-incubator-allura-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id CEDEF10D58
	for <apmail-incubator-allura-dev-archive@minotaur.apache.org>;
 Wed,  5 Mar 2014 20:33:57 +0000 (UTC)
Received: (qmail 70833 invoked by uid 500); 5 Mar 2014 20:33:57 -0000
Delivered-To: apmail-incubator-allura-dev-archive@incubator.apache.org
Received: (qmail 70618 invoked by uid 500); 5 Mar 2014 20:33:56 -0000
Mailing-List: contact allura-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:allura-dev-help@incubator.apache.org>
List-Unsubscribe: <mailto:allura-dev-unsubscribe@incubator.apache.org>
List-Post: <mailto:allura-dev@incubator.apache.org>
List-Id: <allura-dev.incubator.apache.org>
Reply-To: allura-dev@incubator.apache.org
Delivered-To: mailing list allura-dev@incubator.apache.org
Received: (qmail 70600 invoked by uid 99); 5 Mar 2014 20:33:56 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Mar 2014 20:33:56 +0000
X-ASF-Spam-Status: No, hits=-0.1 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_MED,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (athena.apache.org: domain of noreply@sourceforge.net
 designates 216.34.181.60 as permitted sender)
Received: from [216.34.181.60] (HELO smtp.ch3.sourceforge.com) (216.34.181.60)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 05 Mar 2014 20:33:52 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=sourceforge.com; s=x;
	h=Date:References:In-Reply-To:Message-ID:Subject:Reply-To:From:To:MIME-Version:Content-Type;
 bh=v83K4/4sklOKJLWpAZ6xn3vGsCWdr4ga7C3MKZ578ro=;
	b=JNdKlahQXmEoLcePeBpDGbkoriTcxG/58PHi09nYb7aVj99ljwtuU1sR5IXaMFAf3JI/J4yxJCiyu0KkP1t0JwAhROUXgi99xQXjEMIr2CSeXDvUGra3Scbba5xqo28UL/es/JfsQuOj4XZa4pJkProKHiPi7Kb/Ui9LaJUV0kY=;
Received: from localhost ([127.0.0.1]
 helo=sfs-alluradaemon-3.v29.ch3.sourceforge.com)
	by sfs-alluradaemon-3.v29.ch3.sourceforge.com with esmtp (Exim 4.76)
	(envelope-from <noreply@sourceforge.net>)
	id 1WLIVP-0001Xl-9A
	for allura-dev@incubator.apache.org; Wed, 05 Mar 2014 20:33:31 +0000
Content-Type: multipart/related;
 boundary="===============1833625235249300421=="
MIME-Version: 1.0
To: allura-dev@incubator.apache.org
From: "Dave Brondsema" <brondsem@users.sf.net>
Reply-To: "[allura:tickets] " <374@tickets.allura.p.re.sf.net>
Subject: [allura:tickets] #374 discussion
Message-ID: 
 </p/allura/tickets/374/62127c27b7c080249c5aa8f785b6fb0e7c088c04.tickets@allura.p.sourceforge.net>
In-Reply-To: <4c349e5d0594ca5c17000276.tickets@allura.p.sourceforge.net>
References: <4c349e5d0594ca5c17000276.tickets@allura.p.sourceforge.net>
Date: Wed, 05 Mar 2014 20:33:31 +0000
X-Virus-Checked: Checked by ClamAV on apache.org

--===============1833625235249300421==
Content-Type: multipart/alternative;
 boundary="===============5393160132885633615=="
MIME-Version: 1.0

--===============5393160132885633615==
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

OpenID logins were removed in [#7013]


---

** [tickets:#374] OSS: Fix problem where logging in with an unclaimed OpenID is a denial-of-service**

**Status:** invalid
**Milestone:** someday
**Created:** Wed Jul 07, 2010 03:33 PM UTC by sf robot
**Last Updated:** Fri Apr 20, 2012 05:56 PM UTC
**Owner:** nobody

Created by: wolf
Created date: 2010-05-13 19:39:50.904000
Assigned to:nobody

effect seems to be to create a new user with no username.  After that, no page in the site works for anyone, logged in or not.  See <https://gist.github.com/56b35db38d8351a3cd6a> for some forensics and repair.


---

Sent from sourceforge.net because allura-dev@incubator.apache.org is subscribed to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.
--===============5393160132885633615==
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: 7bit

<div class="markdown_content"><p>OpenID logins were removed in <a class="alink" href="http://sourceforge.net/p/allura/tickets/7013/">[#7013]</a></p>
<hr />
<p><strong> <a class="alink" href="http://sourceforge.net/p/allura/tickets/374/">[tickets:#374]</a> OSS: Fix problem where logging in with an unclaimed OpenID is a denial-of-service</strong></p>
<p><strong>Status:</strong> invalid<br />
<strong>Milestone:</strong> someday<br />
<strong>Created:</strong> Wed Jul 07, 2010 03:33 PM UTC by sf robot<br />
<strong>Last Updated:</strong> Fri Apr 20, 2012 05:56 PM UTC<br />
<strong>Owner:</strong> nobody</p>
<p>Created by: wolf<br />
Created date: 2010-05-13 19:39:50.904000<br />
Assigned to:nobody</p>
<p>effect seems to be to create a new user with no username.  After that, no page in the site works for anyone, logged in or not.  See <a href="https://gist.github.com/56b35db38d8351a3cd6a" rel="nofollow">https://gist.github.com/56b35db38d8351a3cd6a</a> for some forensics and repair.</p>
<hr />
<p>Sent from sourceforge.net because allura-dev@incubator.apache.org is subscribed to <a href="https://sourceforge.net/p/allura/tickets/">https://sourceforge.net/p/allura/tickets/</a></p>
<p>To unsubscribe from further messages, a project admin can change settings at <a href="https://sourceforge.net/p/allura/admin/tickets/options.">https://sourceforge.net/p/allura/admin/tickets/options.</a>  Or, if this is a mailing list, you can unsubscribe from the mailing list.</p></div>
--===============5393160132885633615==--

--===============1833625235249300421==--