Leaseweb Labs Blog: Migration to Symfony2 continued
by Chris Cornutt February 09, 2012 @ 11:51:59
On the LeaseWeb Labs blog there's a continuation from a previous post about migrating your Symfony1 application over to Symfony2. In the first part of this series of posts, Stefan Koopmanschap talked about wrapping your code to make it work. In this second post, Maurits van der Schee tackles two issues Stefan mentioned - performance problems and handling authorization/authentication.
On December 21, 2011 Stefan Koopmanschap wrote an excellent article on this blog titled "Painless (well, less painful) migration to Symfony2." [...] We were very much inspired by his passionate elucidation and we were fully convinced of the urge to start migrating to Symfony2 as soon as possible. However, he also provided us with a "A word of caution" about 2 things: performance and authentication/authorization. This might get some people worried, but not us: it challenged us to find a solution for those two open issues.
They explain why these two things are a problem and describe the solutions they've created: a .htaccess file for routing and manual replication of the Symfony2 session in the Symfony1 code. Included in the post are the rewrite rules and code to make these two things happen (and a small configuration change to make them work).
symfony2 migration wrapper authentication performance authorization
PHPMaster.com: Understanding OAuth - Tweeting from Scratch, Part 2
by Chris Cornutt October 25, 2011 @ 10:09:48
On PHPMaster.com today they've posted the second part of their OAuth series showing you how to use the authentication mechanism to connect to Twitter's API. (Part one is here.)
Welcome back to Understanding OAuth - Tweeting from Scratch. This is Part 2 of the two-part series and picks up right where we left off in Part 1 with your returned Access Credentials. Since obtaining the credentials is the grueling part of the process, there's not much more left to do except posting a tweet on the user's behalf. Hopefully you'll find the final steps to be a lot easier to follow and more fun to implement.
They show you how to store the credentials from Part 1 into your session for safe keeping and include a simple form you will use to send a tweet to Twitter. They choose to manually build the HTTP POST request, including the credential headers along with the payload (oauth_consumer_key, oauth_signature, oauth_token, etc).
oauth tutorial tweet series connection authentication api
Project: Warden - A user database authorization package for FuelPHP
by Chris Cornutt September 29, 2011 @ 12:19:41
Fuel framework users have another option when it comes to user authentication management in their applications. Ando has released Warden, a package that manages logins, password hashing and user ACLs.
Warden is a user database authorization package for the FuelPHP framework that aims to fast track development by handling the work load of authenticating users. Built for performance, it comes with a ready-to-use user model and database install script.
The package uses bcrypt for password hashing and also provides features for forgotten passwords, password resets and "remember me" functionality. Installation is as simple as adding it to your "always_load" package list and setting up a few configuration options. Sample code for its features is included. You can get the latest version directly from github.
fuelphp framework user authentication acl management package
Mike Purcell's Blog: Symfony - sfGuardPlugin - Use Email Instead of Username
by Chris Cornutt August 15, 2011 @ 08:43:56
Mike Purcell has a handy new post for the Symfony users out there wanting more flexibility with their sfGuardPlugin use in their application. He describes how you can use email instead of a username for working with the user information.
sfGuardPlugin is pretty awesome. It allows a symfony developer the ability to quickly implement a user login and access control system. However, there is an issue with respect to telling the plugin whether to use the username or the email column for validating user submitted input. After some Googling I found a few sites which forced sfGuardPlugin to use email rather than username, but only after quite a bit of work. What I am going to show will accomplish the same end goal, but with minor changes.
He starts with a look at the validator class, showing how the values are going to be passed to the backend. The plugin makes a call to a "retrieveByUsername" method to get the user's information, but his method overrides this...sort of. His method actually contains the query to fetch the user information by email instead. This is useful if you want to use the email address as a username for the site but still want to maintain data integrity on the user records (valid emails can then be used for auth and for sending messages).
sfguard symfony email username tutorial authentication
StackOverflow.com: The Definitive Guide To Forms based Website Authentication
by Chris Cornutt August 12, 2011 @ 12:13:35
If you haven't seen it yet, there's a post over on StackOverflow that's been growing over the past few days about form-based authentication in websites. The author wants to make a definitive resource for people to use when making good, secure user authentication systems.
Please help us create the definitive resource for this topic. We believe that stackoverflow should not just be a resource for very specific technical questions, but also for general guidelines on how to solve variations on common problems. "Form Based Authentication For Websites" should be a fine topic for such an experiment.
They want to include topics like logins, storing passwords, "forgot password" security, OpenID, browser autocompletion, password strength, email validation and more. They already laid out eight different sections with summaries including:
- How To Remain Logged In - The Infamous "Remember Me" Checkbox
- Using Secret Questions
- Checking Password Strength
- Much More - Or: Preventing Rapid-Fire Login Attempts
- Two-Factor Authentication and Authentication Providers
There's some good feedback from other users with other suggestions and links to external resources that could shed some more light on the topic.
guide form security user authentication website
Anthony Wlodarski's Blog: Authentication with Node.js and Zend Framework
by Chris Cornutt July 28, 2011 @ 13:41:28
Anthony Wlodarski has put together a new post to his blog talking about authenticating a Zend Framework app against Node.js with the help of the Socket.io component for handling credentials.
Zend Framework which is PHP based and Node.js which is JavaScript based don't have a common connection to pass data in a bi-directional nature. I was tasked with building a bridge of sorts that would utilize existing information from Zend Framework with the latest release of Socket.io's authorization mechanisms. (If you don't do this then arbitrary connections can happen and will be authorized.)
He starts with the code (on the Node.js side) to create a simple HTTP server to listen for the requests from the Zend Framework application. He gets into the details of how that all works before moving to the other side - a simple update to the authentication to store a session cookie with the information that is passed, via Socket.io, to the waiting Node.js server for handling.
nodejs zendframework authentication http socketio