Is Flexi Auth Secure and Reliable?
Hello,
I have been searching for a user management script for the last month. I bought 6 scripts from ...some... PHP market, but all were huge failures: some used MD5 with no salt, some used mysql_query with no escaping at all. The things I have seen in these scripts were scarier than horror movies, and they all claimed to be Fully Secured and Professional.

I also tested many CI systems; they were good, but some had a brute-force vulnerability, some had other issues. The best one I have found yet is Flexi Auth; it has most of the requirements. But I am not a security expert. If there are any CI/security experts here, have you checked this library?

1. Is it fully secure against SQL injection, XSS, CSRF, session/cookie attacks, brute force, etc.?
2. Is it reliable for large projects with a lot of users? (Will it become too slow? I mean the logic the programmer used on the database/retrieving data, etc.)
Hello Again,
If any security expert sees this, please just give me a brief overview of FlexiAuth, because the old CI forum is down and I can't find any other sources.
Hi noobie.
I ran into a similar issue not so long ago when looking for an auth system. I ran into flexi auth and really liked it too, but it seems the original author is no longer active. I've decided to maintain a fork so that the framework can become more mature over time here: flexi-auth/jeteon. From the work so far I can tell you this much:
I know it has shortcomings, but please help me improve it by submitting issues and pull requests, if you can, to the link above.
Jeteon
I can highly recommend taking a look at Ion Auth. It is regarded as one of the most secure and best auth libraries for CI.
I have personally used it on multiple projects, passing corporation-level security tests. (Obviously, this will also depend on how good the rest of your own code is.)
Regarding security: