[PHP] Authentification and session management
Hello PHP-Community, I am PHP programmer since many years and over the years, I have reinvent the wheel in authenification and session management at least 30 times. Yeah, whenever a new project started, I had to reinvent the wheel. So my question now is, is there a proven and secure framework which can be used? My main problem is, that we (anything ISP related) authenticate using PAM+PostgreSQL while the normal Web-User stuff is authenticated directly with a Virtual-DB based on PostgreSQL. Another thing I like to implement in my scripts, that users can at there implicit choice be permanently connected without using a password. Also the script shoud detect, whether a user is connected trough a dynamic IP or a fixed one and sugegst a security level. I am already detecting the IP from the login and many customers (mostly from http://www.free.fr/) have static IP's. Thanks, Greetings and nice Day/Evening Michelle Konzack -- # Debian GNU/Linux Consultant ## Development of Intranet and Embedded Systems with Debian GNU/Linux itsyst...@tdnet France EURL itsyst...@tdnet UG (limited liability) Owner Michelle KonzackOwner Michelle Konzack Apt. 917 (homeoffice) 50, rue de Soultz Kinzigstraße 17 67100 Strasbourg/France 77694 Kehl/Germany Tel: +33-6-61925193 mobil Tel: +49-177-9351947 mobil Tel: +33-9-52705884 fix http://www.itsystems.tamay-dogan.net/ http://www.flexray4linux.org/ http://www.debian.tamay-dogan.net/ http://www.can4linux.org/ Jabber linux4miche...@jabber.ccc.de ICQ#328449886 Linux-User #280138 with the Linux Counter, http://counter.li.org/ signature.pgp Description: Digital signature
Re: [PHP] Authentification and session management
On Tue, 2010-05-18 at 11:21 +0200, Michelle Konzack wrote: Hello PHP-Community, I am PHP programmer since many years and over the years, I have reinvent the wheel in authenification and session management at least 30 times. Yeah, whenever a new project started, I had to reinvent the wheel. So my question now is, is there a proven and secure framework which can be used? My main problem is, that we (anything ISP related) authenticate using PAM+PostgreSQL while the normal Web-User stuff is authenticated directly with a Virtual-DB based on PostgreSQL. Another thing I like to implement in my scripts, that users can at there implicit choice be permanently connected without using a password. Also the script shoud detect, whether a user is connected trough a dynamic IP or a fixed one and sugegst a security level. I am already detecting the IP from the login and many customers (mostly from http://www.free.fr/) have static IP's. Thanks, Greetings and nice Day/Evening Michelle Konzack I recently heard about a PHP-based authentication system called Sumo. It might be what you need to stop re-inventing them darn wheels! http://sumoam.sourceforge.net Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] Authentification and session management
Michelle Konzack wrote: Hello PHP-Community, I am PHP programmer since many years and over the years, I have reinvent the wheel in authenification and session management at least 30 times. Yeah, whenever a new project started, I had to reinvent the wheel. So my question now is, is there a proven and secure framework which can be used? My main problem is, that we (anything ISP related) authenticate using PAM+PostgreSQL while the normal Web-User stuff is authenticated directly with a Virtual-DB based on PostgreSQL. Another thing I like to implement in my scripts, that users can at there implicit choice be permanently connected without using a password. Also the script shoud detect, whether a user is connected trough a dynamic IP or a fixed one and sugegst a security level. I am already detecting the IP from the login and many customers (mostly from http://www.free.fr/) have static IP's. Why don't you take one of those wheels you created and make it work with a simple configuration and voila, you have a class or library that can be used in all your projects. It should be as simple as it sounds. Cheers, Rob. -- http://www.interjinn.com Application and Templating Framework for PHP -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php