CodeCritique? : auth built on Datamapper.
skunkbad
I took a quick look, but don't have time to go further. I didn't find an SQL dump, so it was not possible to see the database structure. One thing I noticed was there was very little being checked to see if somebody is logged in vs an imposter. Logging in is the easy part, but what you do to check if the user is logged in is not so easy to make secure. You ought to read through this: http://stackoverflow.com/questions/549/t...entication Consider each part of it, and take time to review your code against each point. It's not the Bible of authentication, but it brings up good points that need to be considered. Of course if you are not making sites for banks and sites with very sensitive data then it may not matter.