[HacktionLab] secure php login
johnc at aktivix.org
johnc at aktivix.org
Sun Nov 23 21:15:23 UTC 2014
Hi,
Thanks. The Symfony security module looks like it would do what I want
as regards authorisation and authentication but I'd still have to
write all the code that deals with the DB unless I also used their DB
abstraction layer. My app is a user portal: I need to manage two sets
of creds per user 1) user a/c 2) SIP a/c with different hashing
requirements. I'd still have to code the various forms for log in
etc.. I think I'd need to pull in a number of Symfony modules. One of
the main reasons I want something light is to be able to audit the
code myself from a security perspective etc. I would be seriously
struggling to do this with the size of the code resulting from several
Symfony modules.
Any other suggestions? What do you think of the framework I proposed?
Thanks for the advice so far.
Cheers,
John
Quoting ekes <ekes at aktivix.org>:
> On 21/11/14 15:27, johnc wrote:
>> -Reasonably light (not really interested in the bloat of a heavy
>> framework like cakephp, Zend or similar)
>
> As my answer would automatically be just use Symfony2's Security
> Component, and you've got your choice of front-ends, that's probably
> not helpful (though, and I believe this counts for zend2 as well, you
> don't need to use the framework, just the required components); but it
> does highlight a question:
>
>> - - secure Login - - registration - - password reset - - password
>> recovery
>
> That's the front-end forms and probably explains the sort of
> authentication you want; but not what you want to do with the
> authorization. Even at its simplest you want two options on routes -
> authenticated / not authenticated?
>
> ekes
More information about the HacktionLab
mailing list