Authentication (ACL) - Challenges - Solutions - Dilemmas
#41

[eluser]Rick Jolly[/eluser]
Randy, when you discredit EVERY other authentication script written for CI, you've got to be prepared to take some abuse. Be humble. BTW, nobody "forgets" to escape queries. You either use Active Record or query bindings, or you don't.
#42

[eluser]Randy Casburn[/eluser]
[quote author="inparo" date="1223256902"]What I will say though, it doesn't sound like you contacted Randy before disclosing this vulnerability. [/quote]


My friend Inparo - this person is not at all interested in being helpful.
#43

[eluser]Randy Casburn[/eluser]
[quote author="Rick Jolly" date="1223257949"]Randy, when you discredit EVERY other authentication script written for CI, you've got to be prepared to take some abuse. Be humble. BTW, nobody "forgets" to escape queries. You either use Active Record or query bindings, or you don't.[/quote]

Hi Rick,

Please don't misquote me. I said I pushed up the wrong script. This is one library file in a CI install. An old file went up...it's that simple.

But thanks for your thoughts.

Randy
#44

[eluser]manilodisan[/eluser]
Ok...I'm a man of few words myself. Good luck! I promise to leave you the production path unharmed from now on :). I also promise to stop bumping this thread lol
#45

[eluser]Randy Casburn[/eluser]
Just so everyone knows...

I knew someone would attempt exploits. I'm sure this manilodisan person isn't the first or last. That said, I want to confirm that in exactly one second with pride manilodisan was able to discern that both login capabilities use the same php file. Darn good to be able to do that in exactly 1 second...but hey, whatever. They use the same script.

Since some of you actually do realize I have some experience, neither login goes anywhere or allows access to anything as I fully expected that the exploit attempts would start immediately. As they did.

@Inparo - Thanks for your professionalism. Although you don't agree with my approach on the product and might even find my idea distasteful or 'hate' it, you still are righteous enough to be right when it's right to do so.

Also, error reporting IS STILL ON. Have a blast. It's on for a reason. I am not fearful of someone asking me tough questions. Some of you should ask yourself if you are fearful of accepting a truthful answer as the truth.

See you on the next exploit...but there is a high probability of that not being the case.

Randy
#46

[eluser]Randy Casburn[/eluser]
[quote author="manilodisan" date="1223258781"]Ok...I'm a man of few words myself. Good luck! I promise to leave you the production path unharmed from now on :). I also promise to stop bumping this thread lol[/quote]

I actually welcome your input. I wish it would take a more constructive approach, that's all.

You might be quite surprised by the reaction you get.

For instance. Had you privately notified me of the very same problem that you so brilliantly pointed out above, I likely would have plastered it up here for everyone to see anyway. Admitted my mistake, taken the punches on the chin and allowed folks to see what they could expect from me as a partner in support.

I don't think I ever said thanks for pointing out that I had the wrong file out there. So, really, thanks for letting me know.

Randy
#47

[eluser]Xeoncross[/eluser]
ok... so what was this thread about again...?
#48

[eluser]Randy Casburn[/eluser]
[quote author="Xeoncross" date="1224809547"]ok... so what was this thread about again...?[/quote]

Thanks for asking...Since the first post in the thread is a summary of what this thread is about, I'll have to assume your intent is less than genuine.

But since I've been honest from the beginning, I'll be completely honest now, and then I'll let the love fest begin as I'm sure it will, as it has already...

----

This thread represents a failed attempt to provide a very well supported authentication library at a very low cost. This failed attempt was in response to Derek Jones indicating that EllisLab would not provide these capabilities as part of CI. Part of the reasoning was that they were too difficult and costly to maintain.

The criticisms of the idea are plainly posted for everyone to see in the first post of this topic and throughout the thread.

----

I hope that answers your question. If not, I'm certain there are those that will find effervescent joy in making personal slanders about me and my ideas in follow-on posts.

That should sum it up.

Randy
#49

[eluser]Xeoncross[/eluser]
[quote author="Randy Casburn" date="1224810290"]I'm certain there are those that will find effervescent joy in making personal slanders about me and my ideas in follow-on posts.[/quote]

Sweet, can I have a turn? :cheese:
#50

[eluser]Randy Casburn[/eluser]
Wasn't that the point?



