News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Zend Developer Zone:
How to avoid Identity Theft in Zend Framework with Zend Auth
March 05, 2010 @ 10:59:28

On the Zend Developer Zone there's a new tutorial for those using the Zend Framework (and more specifically the Zend_Auth component) on a way that you can prevent identity theft in validating your users.

As I am building my applications, I always try to improve the code I write in some way. Today I thought about the security issues of any PHP application that uses an authenticating system. [...] There is one particular issue that bugged me for some time. The Identity theft - Broken account and session management issue. Why can one so easily still my session id cookie and suddenly gain access to my account in one particular web application?

He shares a class he's developed as a guideline to help your application automatically test to ensure that the information being given by the user is valid. It checks a security level and validates against the user agent and remote IP of the user to ensure they match. These two criteria might not always be the best choices, but it gives you a push in the right direction.

Code is also included to show how to integrate it into your Zend Framework application by loading it into your base controller and using the "hasIdentity" and "hasSecureIdentity" methods to check the user's credentials.

0 comments voice your opinion now!
zendframework tutorial zendauth security


blog comments powered by Disqus

Similar Posts

Zend: Zend Framework 0.7.0 Released

SitePoint PHP Blog: How to Use the JsonSerializable Interface

Pádraic Brady's Blog: OpenID library for the Zend Framework?

SitePoint PHP Blog: The Joy of Regular Expressions [1]

PHP Web Services: How to configure https for Apache2.2 and consume PHP web services over https


Community Events





Don't see your event here?
Let us know!


release package tool podcast version opinion introduction symfony laravel interview community language update framework series mvc voicesoftheelephpant security composer library

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework