[HacktionLab] secure php login

johnc at aktivix.org johnc at aktivix.org
Sun Nov 23 21:15:23 UTC 2014


Hi,

Thanks. The Symfony security module looks like it would do what I want  
as regards authorisation and authentication but I'd still have to  
write all the code that deals with the DB unless I also used their DB  
abstraction layer. My app is a user portal: I need to manage two sets  
of creds per user 1) user a/c 2) SIP a/c with different hashing  
requirements. I'd still have to code the various forms for log in  
etc. I think I'd need to pull in a number of Symfony modules. One of
the main reasons I want something light is to be able to audit the  
code myself from a security perspective etc. I would be seriously  
struggling to do this with the size of the code resulting from several  
Symfony modules.

Any other suggestions? What do you think of the framework I proposed?

Thanks for the advice so far.

Cheers,
John

Quoting ekes <ekes at aktivix.org>:

> On 21/11/14 15:27, johnc wrote:
>> -Reasonably light (not really interested in the bloat of a heavy
>> framework like cakephp, Zend or similar)
>
> As my answer would automatically be just use Symfony2's Security
> Component, and you've got your choice of front-ends, that's probably
> not helpful (though, and I believe this counts for zend2 as well, you
> don't need to use the framework, just the required components); but it
> does highlight a question:
>
>> - secure Login
>> - registration
>> - password reset
>> - password recovery
>
> That's the front-end forms and probably explains the sort of
> authentication you want; but not what you want to do with the
> authorization. Even at its simplest you want two options on routes -
> authenticated / not authenticated?
>
> ekes
