Welcome Guest, Not a member yet? Register   Sign In
Authentication
#31

(01-24-2017, 06:44 PM)prezire Wrote: @Narf You assume too much.

No, you assume too much by thinking that authentication is something trivial.

(01-24-2017, 06:44 PM)prezire Wrote: Don't be so certain about your 100%.

I am rarely that sure about something.
Your continous ignorance towards arguments other than "there's demand for it" only serve to solidify my opinion.

(01-24-2017, 06:44 PM)prezire Wrote: I didn't graduate with honors and formally became a senior developer/engineer two years after working, just so you can arrogantly say I don't have half the knowledge to implement Authentication and Authorization flows.

Really? I suggest you carefully read what I said:

(01-24-2017, 06:43 AM)Narf Wrote: I am 100% certain that you don't have half the knowledge necessary to build a secure authentication/authorization library. Yet you claim it isn't difficult.
The fact that you can easily build something that works doesn't meant that it is secure.

... very specifically emphasising on the word "secure", and also very specifically noting that building something that works doesn't mean you've built it to be secure. I had no doubt that you can build some "flow" that works, and I very carefully worded my reply to say that it merely working is not the problem at all.

You're way beyond twisting my words.

Also, I don't care about your diploma or job title as they've got little to do with security.

(01-24-2017, 06:44 PM)prezire Wrote: And as I said implement (to use), and not create (from scratch). Get the difference? You consistently assume too much.

Did you notice that I said "had no doubt" above? That's because you're now saying that you can't even implement this from scratch yourself.

You're saying you can't build something that you've at the same time claimed was "not difficult" ... Know how that's called? Making assumptions.

(01-24-2017, 06:44 PM)prezire Wrote: Going back to the request, it's about creating bare bones Auth structures that CI4 can call its own.

That means you think one such structure fits all implementations, even though you don't know what the implementations would be.
Assumptions.
Reply
#32

(This post was last modified: 01-25-2017, 06:13 AM by prezire.)

@Narf You're the one only twisting the words here.

Again, you assume too much. Just because I did not mention the words secure or security about auth implementation, creation, use, build, whatnot, doesn't mean I don't know half of it as you mentioned. I took a web security test almost 3 years ago and an employer literally chased me for an entire year and willing to almost double my rate so I would join his team. So again, don't assume too much. I assure you, I know security concepts far more than what you "certainly" assume.

Let me be clear --there's a demand (product request) for auth in most frameworks. We've got almost 200 developers in my day job and a rough estimate 100% of them said that CI lacks all modern features including auth. This forum's Poll might only had around 35% who voted for this request out of only 14 votes, and that's because many of the CI developers (including 100% I personally know off) have moved to Laravel and literally (as in literally) have no plans getting back whatsoever because of this.

I referred to Laravel earlier because it's practically a direct, famous CI competitor and it now has Authentication, API Authentication and Authorization in it. But in any case, 35% are still hoping this gets implemented someday. If not, it would be interesting to see how the framework goes especially now that it's somewhat trying to mirror Laravel's structure, but without its features that previous CI developers favored with.
Long live CodeIgniter!
Reply
#33

(01-25-2017, 05:52 AM)prezire Wrote: @Narf You're the one only twisting the words here.

Really? You're just going to contradict me?
I've been very concrete, so I'd love if you can point out how I'm twisting your words.

(01-25-2017, 05:52 AM)prezire Wrote: Again, you assume too much. Just because I did not mention the words secure or security about auth implementation, creation, use, build, whatnot, doesn't mean I don't know half of it as you mentioned.

No, no, no ... You didn't just not mention those, you outright ignored me talking about "the words".
And so far you've been all talk and zero substance.

(01-25-2017, 05:52 AM)prezire Wrote: I took a web security test almost 3 years ago and an employer literally chased me for an entire year and willing to almost double my rate so I would join his team. So again, don't assume too much. I assure you, I know security concepts far more than what you "certainly" assume.

Right ... So convincing. Big Grin

(01-25-2017, 05:52 AM)prezire Wrote: Let me be clear --there's a demand (product request) for auth in most frameworks.

Do you have a concrete idea about how it should look like?
If so, share it and I promise to explain the problems with it.
If not, I don't care about that demand, because there's demand for literally everything.

(01-25-2017, 05:52 AM)prezire Wrote: We've got almost 200 developers in my day job and a rough estimate 100% of them said that CI lacks all modern features including auth.

Yea, and the first thing they mention when referring to modern features is "PSR-2" - showing that just like you, those people talk too much and don't think enough.

(01-25-2017, 05:52 AM)prezire Wrote: This forum's Poll might only had around 35% who voted for this request out of only 14 votes, and that's because many of the CI developers (including 100% I personally know off) have moved to Laravel and literally (as in literally) have no plans getting back whatsoever because of this.

Don't care.

(01-25-2017, 05:52 AM)prezire Wrote: I referred to Laravel earlier because it's practically a direct, famous CI competitor and it now has Authentication, API Authentication and Authorization in it.

So ... CI should become a copy of its competitors?

(01-25-2017, 05:52 AM)prezire Wrote: But in any case, 35% are still hoping this gets implemented someday.

... in spite of the fact that we've been saying since forever that it won't happen.

(01-25-2017, 05:52 AM)prezire Wrote: If not, it would be interesting to see how the framework goes especially now that it's somewhat trying to mirror Laravel's structure, but without its features that previous CI developers favored with.

I assume this is your personal opinion on whatever it is that you're talking about here, as I don't understand what you mean.
Reply
#34

@prezire

Those 100% that moved to Laravel moved because they did not have a clue as where CI was headed with the old development team.

With CI's new development team and owner thing's are starting to move into the right direction.

Like most users here I have been around since 2009 also, an Auth system has been mentioned many times to be added to CI.

There's too many changing variables in an Auth system to make it feasible to include in CI.
What did you Try? What did you Get? What did you Expect?

Joined CodeIgniter Community 2009.  ( Skype: insitfx )
Reply
#35

Sorry boys. This looks like epic battle between dragons and egos. But I just want to vote (not even know if this is about vote :-D). And I vote AGAINST auth lib.

Reason: I would never use security class made by somebody else then me. It is sure that, I'm not the best of the best .... But security and open source together...smells to me. Such things have to be under control.
Laravel wants to give you all all all. But this is main reason to use CI. CI gives you just secure skeletal structure of app and everything else is up to you. You can add lib or create your own.

CI is great. I'm waiting impatiently to version 4.
Reply
#36

I am not with or against having a standard CI authentication library but not having one is not a disaster and not even an issue. I think that many frameworks have so much libraries that make it more and more complex to deal with.

What I like about codeigniter is the simplicity, you have every thing you need to build your own application using the best practices. in the last years so many developers likes to depend on solutions that suppose to minimize development time or lets say they think it will make their life easy. Unfortunately I think this is not true, there is no such solution that can fit to all needs and trying making one will for sure make it more and more complex, and that's what many frameworks becomes.  

So search for library that fits your needs and If you didn't find, try making your own, this might be harder in the beginning but later, when start bug fixing, you will understand what I mean. 

Anyway I am planning to start an authentication library for (CI4), that fits my needs, and I will make it public hoping that someone can make use of it.
Reply
#37

Hello,
CI is very good, I use it in my projects but authentication is nightmare in codeigniter.
Reply
#38

(05-25-2017, 07:12 AM)Hamed Wrote: Hello,
CI is very good, I use it in my projects but authentication is nightmare in codeigniter.

Not really. There are at least a few established auth libraries out there.
Reply
#39

(This post was last modified: 05-30-2017, 03:07 PM by prezire.)

I just got burnt by this. We used a 3rd-party Auth library for my previous CI3 project. When we recently moved the project to AWS and ran Composer to fetch the vendors, the Auth library was abandoned and is no longer available! A bunch of headaches just to make things work again.
Long live CodeIgniter!
Reply
#40

The way I use auth libraries like ion_auth is to use my own library, say users_library, and all my controllers call the users library with things like check_user_login_status or do_login or do_logout, as well as non auth related like get_user_name or get_full_user_details etc. That library, and that one alone calls the auth library like ion_auth to take advantage of the already well written and well tested code. However, should I need or want to change auth libraries, I only have to alter that one file, the user_library, to deal with the different auth library.

Open source libraries are often abandoned as the original owners move on, or lose interest in maintaining it. Doing it the way above means that future changes are limited to just one file.
Reply




Theme © iAndrew 2016 - Forum software by © MyBB