php-lib
Re: [phplib-users] current status of phplib
by Layne Weathers
Jul 19 2007 11:33AM
> It always seemed sensible to me which is why I've used it.  But after
> googling on the subject it seems that even this is not as secure as
> you might think, it only obscures things a bit better.  It should
> still be combined with SSL.  This link
> <http://www.ietf.org/internet-drafts/draft-newman-auth-scram-04.txt>
> sounds pretty similar to what phplib does.  I think I am by no means
> an expert on these things, but phplib's auth seems much closer to
> secure (by far) than any other php authentication I've seen -- unless
> I am missing something.

Thanks for the link. CRC gives a nice security benefit for very 
little effort, but it's not a panacea.

I am baffled when I see people implementing HTTP auth for their 
web app (or not protecting themselves from SQL injection).



> >>I am desperately in need of cross-site authentication functionality,
> >>which it looks like it was discussed but never implemented, and I
> >>haven't seen any easy to use implementations in php.
> >
> >There are different levels of cross-site authentication that
> >have been discussed on this list from running multiple sites on
> >the same servers to sharing logins with a site under another
> >organization's control. I've implemented cross-site
> >authentication for sites hosted on the same servers a couple
> >times myself - it is trivial to build with auth_preauth(),
> >passing authentication tokens (stored temporarily in the DB) via
> >a hidden iframe or riding as parameters on a transparent gif request.
> 
> it seems like an easy enough concept but I have had trouble getting it to
> work..

Why don't you start a new thread with the details - at least a 
couple of us can take a look.

-- 

Layne Weathers
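
The token hand-off described in the quoted paragraph above (tokens stored temporarily in the DB and passed to the second site on an iframe or image request), sketched as an added example that is not part of the original post or of phplib. The table, column and function names are hypothetical, and the sketch assumes the uid returned by `redeem_token()` is what a site's `auth_preauth()` hook would hand back on success.

```php
<?php
// Added example; table, column and function names are hypothetical.
function token_store(): PDO {
    $db = new PDO('sqlite::memory:');   // stand-in for the DB both sites share
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE xsite_token (
        token_hash TEXT PRIMARY KEY, uid TEXT NOT NULL, expires INTEGER NOT NULL)');
    return $db;
}

// Site A, user already logged in: mint the token that rides on the
// iframe or image URL pointing at site B.
function issue_token(PDO $db, string $uid, int $ttl = 30, ?int $now = null): string {
    $now = $now ?? time();
    $token = bin2hex(random_bytes(32));   // 256 bits from the CSPRNG
    // Store only a hash, so reading the table does not yield usable tokens.
    $db->prepare('INSERT INTO xsite_token VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $uid, $now + $ttl]);
    return $token;
}

// Site B: redeem the token taken from the request. Returns the uid, or null
// if the token is unknown, expired or already used.
function redeem_token(PDO $db, string $token, ?int $now = null): ?string {
    $now = $now ?? time();
    $hash = hash('sha256', $token);
    $sel = $db->prepare('SELECT uid FROM xsite_token WHERE token_hash = ? AND expires >= ?');
    $sel->execute([$hash, $now]);
    $uid = $sel->fetchColumn();
    $sel->closeCursor();
    // Delete unconditionally (one attempt per token). Only the request whose
    // DELETE removed the row may log in, which settles concurrent replays.
    $del = $db->prepare('DELETE FROM xsite_token WHERE token_hash = ?');
    $del->execute([$hash]);
    if ($uid === false || $del->rowCount() !== 1) {
        return null;
    }
    return $uid;
}

// Constructed demo with fixed clock values.
$db = token_store();
$t = issue_token($db, 'uid-1234', 30, 1000);
var_dump(redeem_token($db, $t, 1010));   // first redemption, inside the TTL
var_dump(redeem_token($db, $t, 1011));   // replay of the same token
$t2 = issue_token($db, 'uid-1234', 30, 1000);
var_dump(redeem_token($db, $t2, 1031));  // redemption after expiry
var_dump(redeem_token($db, 'not-a-token', 1000));
```

Because the token travels in a URL, it can end up in server logs and Referer headers; the short lifetime and single use are what keep a logged copy from being redeemable.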
