Welcome Guest, Not a member yet? Register   Sign In
Redux Authentication 2 Beta Released
#11

[eluser]Xeoncross[/eluser]
[quote author="Popcorn" date="1222122924"]Users with matching passwords still have different hashes. Maybe you mis-understood the new concept?[/quote]

quite possible %-P

If you are using 1 salt only:

A) You are using a salt for each user - so if the database table is stolen they will have the salt for the user - and the user password hash it's self.

B) you are using a global site salt - users with matching passwords will have the same hash.

That is why I would encourage you to keep the user and site salts as they both help protect things.
#12

[eluser]Popcorn[/eluser]
If the database was stolen they'd have hashes, but not know the algorithm used to hash them. Now obviously my code is available online, but you shouldn't be mentioning Codeigniter or Redux anywhere on the site for them to figure out you're using Redux.

I can use a file salt, but I think most people would be satisfied with a dynamic salt.
#13

[eluser]Xeoncross[/eluser]
It is really easy to figure out what system people are running because of the way static files are included in the source... Wink

Anyway, maybe you could make that a optional part so that people that want the extra security can have it.
#14

[eluser]Popcorn[/eluser]
Cheers Xeoncross. I'll consider it.

Keep an eye on the SVN Smile
#15

[eluser]freshface[/eluser]
Nice Popcorn, any idea on the launch?
I currently use 1.x but some things dont work.
#16

[eluser]Fenix[/eluser]
Hey popcorn, if you could stop by the thread for 1.4a and help me out by answering my questions about the forgotten password process, that would be great! Thanks!
#17

[eluser]freshface[/eluser]
Fenix, I managed to get the forgotten pasw proces working. PM me your email adress and I wille send you my files.
#18

[eluser]Bramme[/eluser]
I was wondering how dead/alive Redux Auth is... I've downloaded it now because I wanted to use it in a project of mine, but I can't really make much sense of it... The docs also seem very incomplete...
#19

[eluser]Popcorn[/eluser]
Glad you guys are still interested. I've been busy with a new job and haven't touched Redux for over a month, but I've found some free time and managed to update it quite a bit.

I've been working hard on the new version which is nearly out of alpha. Some of the features include.

* Email templates - Allows you to use CI helpers, etc ... in your emails. A lot more power to the developer.
* Login throttling - Users are now locked out from logging into their account for 30 minutes after 3 wrong passwords.
* Forgotten Password - Now you only need to send a verification email and click a link. After this a new password will be sent.
* CI error reporting - Logs errors into the ci error log.
* Cleaner code - No more madness with login and registration examples.
* Change password - What it says on the tin.
* Profiles table - Specify a table and the column to join with to grab additional user information.

ex table : profiles, column : user_id

You can check out the SVN for the latest build (link at top).

Example of the new redux.

http://redux.devjavu.com/browser/Redux Authentication 2/controllers/welcome.php
#20

[eluser]Fenix[/eluser]
i cant wait! thanks popcorn for all your hard work!




Theme © iAndrew 2016 - Forum software by © MyBB