Geek Answers Handbook

Secure login with proper authentication in PHP

How to write / build secure login in PHP? a guide for website developers said I should not roll back, so links to samples available through Google are useless.

How do you understand that? Suppose you are creating a world-class application on rails, is it possible to use the same libraries / methods here?

thanks

+5
source share
6 answers

Rails typically uses an existing library. Authentication is easy to do wrong, and the problem has been solved so many times that it is rarely worth the effort to solve it again. If you are interested in writing your own implementation, I will describe how modern authentication works.

The naive method of user authentication is to store your password in a database and compare it with the password that the user represents. It is simple but incredibly unsafe. Anyone who can read your database can view any password. Even if you install database access controls, you (and your users) are vulnerable to anyone cheating on them.

- - , , . - - . , , , . , . , , reset, .

, , . , , : , . . , - , , - , . , , , .

, , , ( xor'd) , , . , . , ; ( ), .

: , , , , . - , , (!) , .

+20

Zend Framework 'Auth' , . , ​​ WordPress PHPBB, .

+4

, , , - .

, SO google, , , , , Google . , , OpenID, .

, , , , , , .

  • - , - .
  • https, , .

, .

+2

Soulmerge:

, . . , :

  • https . , ( "--" , -)
  • - javascript . , . . (md5($_POST['postedPwHash'] . $salt))
0

- ( ssl) - , . , . " ". , JS ( , ). , , . JS, , .

- , , , , , .

, "" . , , ( JS ).

-1

: " "

, . , .

I would recommend to see how to do it. Unfortunately, I do not know what I will be happy to recommend other than openid. I am sure that here you will get good offers, but ...

-2
source

More articles:


All Articles