PHPMaster.com: Understanding HTTP Digest Access Authentication
by Chris Cornutt May 21, 2013 @ 12:09:02
On PHPMaster.com they've posted a new tutorial by Sean Hudgston that helps you understand HTTP digest authentication, a simple way to authenticate a user or script against your application.
Digest Access Authentication is one method that a client and server can use to exchange credentials over HTTP. This method uses a combination of the password and other bits of information to create an MD5 hash which is then sent to the server to authenticate. Sending a hash avoids the problems with sending a password in clear text, a shortfall of Basic Access Authentication.
He starts out by looking at the "basic authentication" mechanism that's built into most web servers and points out that it has a major flaw - sending the username/password in (pretty much) plain text. Digest, on the other hand, uses an MD5 hash created from a few pieces of information including username, realm and request method. The result is sent as a header back to the server that can then be parsed by PHP. He also talks about improving on the basic version of the digest method using the optional qop, nc, and cnonce parameters.
http digest authentication tutorial basic hash
NetTuts.com: HTTP The Protocol Every Web Developer Must Know - Part 2
by Chris Cornutt April 29, 2013 @ 15:07:21
NetTuts.com has followed up their previous article covering some of the basics of the HTTP protocol with this new post, part 2 of the series. They suggest that HTTP, the messaging format of the web, is the one protocol that every web developer should know.
In my previous article, we covered some of HTTP's basics, such as the URL scheme, status codes and request/response headers. With that as our foundation, we will look at the finer aspects of HTTP, like connection handling, authentication and HTTP caching. These topics are fairly extensive, but we'll cover the most important bits.
In this article, they talk about things like the HTTPS secure version of HTTP, server-side connection handling, identification/authorization and working with caching and cache control headers.
http developer knowledge https authentication connections caching
Michael Kimsal: Why do almost no web frameworks come with any authentication/authorization?
by Chris Cornutt February 22, 2013 @ 10:14:08
In a new post to his site Michael Kimsal poses an interesting question about something he's noticed in several frameworks - and not just PHP ones: there seems to be a lack of authentication/authorization functionality coming bundled in.
Why do almost no web frameworks provide any default authentication/authorization functionality, with default examples of best practices for common use cases? The standard response I've gotten for years was/is "well, everyone's needs for authentication are different". No, they are not. A (very?) large majority of web applications (which is what most web frameworks are used to build), require some form of user login and authorization management, and often self-registration, dealing with lost passwords, etc.
He points out that by not having something a user can immediately deploy that's been well tested and relatively risk-free, it can introduce security holes as a developer is "left to fend for themselves". He suggests that the "not everyone's the same" mentality that seems to go with authentication/authorization isn't as valid as once thought. He does point out that both Symfony2 and Zend Framework 2 come with ACL functionality, but no common user handling. He also mentions equivalents in tools used in other languages, like Devise in Ruby, Spring Security in Grails and a membership system in ASP.NET.
framework opinion authorization authentication missing feature
PHPBuilder.com: Oauth Authentication for Social Apps in PHP
by Chris Cornutt February 08, 2013 @ 10:27:18
On PHPBuilder.com today there's a tutorial introducing you to OAuth and how to use it in your PHP applications.
Oauth is an open standard for authorization that allows secure authorization from web, mobile and desktop applications. This standard allows a third-party application to gain access to a HTTP service, i.e. it enables users to share their resources from one website with another website without having to give out their credentials (usually username and password). [...] Oauth authorization is carried out in 3 steps: obtain a request token, authorize request token and exchange request token for an access token.
They introduce you to some of the basic concepts behind OAuth and how the process works (complete with a handy graphic). They then show how to use OAuth to connect to the Facebook API, first in JavaScript and then in PHP. This is followed by two other examples referencing popular social sites Twitter and Foursquare, hitting their APIs with simple authentication requests.
oauth authentication social application twitter facebook foursquare tutorial
PHPMaster.com: Creating a PHP OAuth Server
by Chris Cornutt January 01, 2013 @ 11:56:46
On PHPMaster.com today there's a new tutorial posted about creating your own OAuth server in PHP using the oauth-php package to do the "heavy lifting".
If you've ever integrated with another API that requires security (such as Twitter), you've probably consumed an OAuth service. In this article, I'll explore what it takes to create your own three-legged OAuth server allowing you, for example, to create your own secure API which you can release publicly.
They include a visual representation of the OAuth authentication flow (it's not the simplest thing) and the database structure/sample code you'll need to get the server up and listening. Also included is a registration form and how to generate a request token and give back an access token. There's also some sample code showing how to validate the request and its access token to check for a correct (and allowed) request.
tutorial oauth server oauthphp flow authentication access validate
Sebastian Göttschkes: symfony2 Testing secure pages
by Chris Cornutt October 08, 2012 @ 13:13:19
Sebastian Göttschkes has a new post to his site showing you how to test secure pages within your Symfony2 applications using a simple "requestWithAuth" method.
If you develop a web application, more often than not you have some kind of user section or admin panel where some kind of login identifies the user and protects your actions against usage from unauthorized people. It can be difficult to do functional tests with this kind of page as you need to simulate some session or cookie context. In this tutorial, I want to show you how to test your functional pages with symfony2 and phpunit.
He includes a "bad way" to do it, cheating by making a client and feeding it the HTTP auth credentials, and a more correct way involving the "requestWithAuth" method that's called whenever the "request" is called to push those credentials along with every request. Code for this basic function is included.
symfony2 testing unittest authentication http auth tutorial
PHPMaster.com: Multi-Factor Authentication with PHP and Twilio
by Chris Cornutt June 22, 2012 @ 14:55:48
In this new tutorial on PHPMaster.com, Timothy Boronczyk looks at using the Twilio API and multi-factor authentication.
You can make and receive phone calls and send and receive text messages using TwiML (Twilio Markup Language) and their REST API. You can work directly with the API, or use one of the available helper libraries. The library I'm using is twilio-php, which is the library released and officially supported by Twilio.
He shows you how to use the Twilio API library to create a connection object to their REST API and perform various actions like sending an SMS and placing a phone call. The code to build the multi-factor authentication is also included - a user login/password is checked against a database and a form is displayed (depending on whether they want a voice call or an SMS).
authentication twilio api rest library service