What ever happened...
Moderator: General Moderators
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
What ever happened...
To that authentication library ya'll were working on??? 
- RobertGonzalez
- Site Administrator
- Posts: 14293
- Joined: Tue Sep 09, 2003 6:04 pm
- Location: Fremont, CA, USA
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Authentication...in it's most atomic state is very simple...answering (IMHO) a single question, so thats why I was turned off by the community proposal...or even Zend for that matter...
Simply put, authenticaiton answers the question: "Are you logged in"
I dislike classes/libraries that try and mash authorization, session control, user creation, etc...those are all outside the domain of authentication...
Even CAPTCHA is outside the domain of an authentication library...but I suppose it seems useless to write a class which contains a single function, so people start looking for filler code and one thing leads to another and BAM you have a full blown security library, instead of a simple modular authentication class...
Simply put, authenticaiton answers the question: "Are you logged in"
I dislike classes/libraries that try and mash authorization, session control, user creation, etc...those are all outside the domain of authentication...
Even CAPTCHA is outside the domain of an authentication library...but I suppose it seems useless to write a class which contains a single function, so people start looking for filler code and one thing leads to another and BAM you have a full blown security library, instead of a simple modular authentication class...
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
Heh, I think the single greatest contribution of that project so far was AuthTools notes.
Yep, it was put on hold until I wrangled HTMLPurifier into shape.
Yep, it was put on hold until I wrangled HTMLPurifier into shape.
The next logical question, then, is How did you log in? It took me a while to figure out how all the bits fit together. Authentication isn't atomic, although most of the time it is.Simply put, authenticaiton answers the question: "Are you logged in"
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
- Ambush Commander
- DevNet Master
- Posts: 3698
- Joined: Mon Oct 25, 2004 9:29 pm
- Location: New Jersey, US
-
alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
I'm not sure I follow...and if I do...I'm not sure I agree...Weirdan wrote:Nope. Simply put, authentication answers the question: "Who you are and can you prove that".Simply put, authentication answers the question: "Are you logged in"
What do you mean, can you prove it??? Using SSL isn't always an option...
You can verify the details were entered by a human using a Turing test like CAPTCHA, but thats about it considering the medium were using and technology available to us...
What other methods do you propose?