| The Auth Library 1.0.3 - The Easiest Auth Library for CodeIgniter |
[eluser]gyo[/eluser]
Hi Adam, I really appreciate your effort in making this library, but I think it still needs to grow. Auth (authentication and authorization) is a very critical step, let's say it has to be bomb proof...  Here is some feedback: You should remove all the checking like min and max password chars from the lib; I would do that kind of checks in a model, without throwing all the error messages with show_error() because that limits a lot the flexibility. I see you're loading all the libraries and config twice (both in __constructor and Auth methods); you're mixing php4 and php5, and the only element of php5 is the __constructor. Just remove it, since all the library is php4 and it will work in php5, or optimize it for php5 without backward compatibility. Since I'm paranoid about security I would filter all the input->post for XSS, apart from checking the data types: $this->input->post('some_data', TRUE); Take a look at Redux Auth which has been developed with security as the main idea: http://codeigniter.com/wiki/Redux_Auth/ Anyway... I'm trying to be constructive with my comments, and I'm always open to different points of view! Byee |
| Welcome Guest, Not a member yet? Register Sign In |
