Secure login system with phalcon (that I was working on a few months ago)

[dschissler]

Well the code that I put about two weeks into has been sitting dormant.  I based it on the 0.7 code base.  I was communicating significantly with the ulogin author and the newest version has many improvements.  Unfortunately he is only teasing me with the change log on the site and he is seriously AFK and hasn't responded to me for some time now.  Stupidly I declined his offer to receive the unfinished code.  It doesn't seem to be the best idea for me to release in this state as there are some important improvements.  I hoping that the situation changes and I find myself checking his site multiple times a week.

So what to do?  I have plenty of work to do now and I can easily keep myself busy.  I feel bad about not having released anything and it seemed that at least one person was anticipating it.  I'm leaning towards waiting up to a few months more and waiting and seeing.  Hopefully he is just living it up on some warm beach right now and everything is fine?

[Mariusz Łączak]

I also created Auth class. If you want to see example usage please go to the https://github.com/mruz/library/wiki/Auth

[dschissler]

It looks good at a quick glance.

I like ulogin because it supports several backends and it has many security features that are not trivial to properly implement at all.  In my project I have SSH, PDO and PDO+OPENID backends working and also I was just barely able to get a Dual form authenticator working (but the code is not properly implemented yet).  ulogin does brute force blocking, supports Ajax single token security, nonces (to guarantee against a crazy robot attack) and many other features.  Its really kick ass and I think that it would take a very long time to create a secure tool like this from scratch.

I'm thinking that I will release my code and to just get things moving along.  I sincerely think that my code, even so far, is the best starting point for a very secure phalcon system with many options.  I need to figure out how to work github and I will be releasing soon.

[Antonio Lopez]

that sounds interesting, is the code available somewhere?

--
You received this message because you are subscribed to the Google Groups "Phalcon PHP Framework" group.
To post to this group, send email to pha...@googlegroups.com.
To unsubscribe from this group, send email to phalcon+u...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msg/phalcon/-/zuP4XCPhW1IJ.

For more options, visit https://groups.google.com/groups/opt_out.
 
 

[dschissler]

I will make it available soon.  I'll just make sure that the devel tool compiles.  I haven't run it in a few months and I'm about 96% sure that I left it in working order.  So I'll just get it out there, but in worse shape than I intended.  Look for it this week.

[Nikolaos Dimopoulos]

Thanks David!

The contents of this message may contain confidential or privileged information and is intended solely for the recipient(s). Use or distribution to and by any other party is not authorized. If you are not the intended recipient, copying, distribution or use of the contents of this information is prohibited.

To view this discussion on the web visit https://groups.google.com/d/msg/phalcon/-/KhtrtIYCtTMJ.