Community Auth Add User Registration Error
#7

(This post was last modified: 01-17-2017, 07:45 PM by allenxiao7.)

(01-17-2017, 02:55 PM)enlivenapp Wrote: @allenxiao7, It seems you're arguing convenience is greater than security and/or more lax security from the Auth library could/should be left to something else (if the particular server has a particular thing).

Ultimately that's poor security in either circumstance and as @skunkbad pointed out, Community Auth has implemented generally accepted security practices.

@enlivenapp, well, first of all, I am not arguing with Brain, I am asking him.

Now, I AM arguing, with you. Basically, if you want to talk about security, I have a little background in it. Auth is a third-party plugin of great use, no doubt; in my opinion, there is no need to focus on security issues too much, because the real security vulnerabilities are in other backend essentials, for example Apache, NGINX, PHP, MySQL, Bash, and even the OS (Windows, Linux), or at least CodeIgniter!!! Think about it: if you are using a poor, risky version of any of those mentioned, and you are expecting Auth to be the last defense?

All I was saying in my second reply is that Auth can do its part/role well; putting in a minimum of security concern is good, but not that important, and it should be covered by something else. In my opinion, if Auth can be easily portable and stable, that's it. (If you are asking an add-in to do the core stuff, that's a bad idea. Trust me, if a hacker wants to hack your server, Auth should not be the first choice. I am not sure you heard about Microsoft Super/Patch Tuesday; I am dealing with so many vulnerabilities every day. If a developer could write a bug-free program, then there wouldn't be so many bugs every minute, and the network security industry, like Palo Alto, Checkpoint..., would be bankrupt.) BTW, I am a big fan of Community Auth. As I mentioned in my last thread, it's easily installed, and I am using it on CI 3.1.2 with my multiple projects on the same server. So far, it's working great.

Currently I have enabled LDAP support on my CI. Because Auth has its own user table, each LDAP user also needs to register first. But they don't know they need to; that's why it's better to warn them, rather than leave them confused and trying different passwords, and then getting locked...

Messages In This Thread
RE: Community Auth Add User Registration Error - by allenxiao7 - 01-17-2017, 07:19 PM