You will probably recall from the last article that I mentioned the existence of two methods of authentication and discussed the first one, which is through an HTML form. In this article, the fifth one in an eight-part series, we'll start with the second method of authentication. We'll also discuss how attackers may gain access to your system.

This authentication method uses a simple form to let the user pass in their credentials. Unfortunately, because of its simplicity, this also opens it up to three kinds of attacks - password sniffing, reply attacks and brute force attacks.

[It became] apparent that I had to have my own set of Cake sniffs to manage this but a separate standard just for this seemed an over kill and the simplicity of code made it kind of fun to add more standards which I liked but were in different set of sniffs.

You can grab the whole list of sniffs from their downloads. They implemented them as a pre-commit hook on their SVN server even so that developers could not violate the coding standards when they submit their code.

PHP_CodeSniffer is a PEAR package which detects potential coding problems and enforces your style guide. The default is the PEAR coding standard, but you can easily change that.

His method requires the creation of a custom "FooCodingStandard.php" (named whatever you'd like, of course) that contains a class/method defining the "sniffs" you'd like to use for your standard. Use "pfm" to make it into a package and install it to your system - you'll be all set.