There could be use cases for a separate module or even a separate app for admin. If you are doing a private app, e.g. one that requires users to be on a VPN, or if the app is going to value development efficiency and user convenience highly, I'd say you're in good company making the admin role and interface part of the same app.
I'm very happy with bjyauthorize. The app I'm currently working on uses it and has passed some strict corporate security audits. Resources are a powerful way to segregate roles from whole areas of the app. If you're not going to use an external identity provider, such as LDAP, you'll need to build user management, and I'd recommend giving zfc_user a serious look, rather than rolling your own.

Jeremiah

> On May 31, 2014, at 7:25 PM, Jamie Krasnoo <[email protected]> wrote:
>
> Hi All,
>
> Before I dive headfirst into creating the authentication for a site I'm
> building, I thought I'd ask a few questions and get your opinion on the
> best thing to do as far as security and authentication on a zf2 site. I'm
> trying to make the Admin area as secure as possible. I've read opinions on
> securing the admin area. One of which is making admins separate from
> members, tables, user type and entity, authentication and all. If a regular
> user happens to stumble upon the admin area to make sure the login for it
> pops up and if they try to log in that they won't be able to. Is it worth
> it at all to separate the users and authentication services for the areas
> or is it overkill and an over complication?
>
> Jamie
