Anthony Ferrara's Blog: Security Review: Creating a Secure PHP Login Script
by Chris Cornutt August 03, 2011 @ 12:02:19
In response to this article from DevShed about creating a "simple and secure login script", Anthony Ferrara has written up this post to help dispel some of the inaccuracies, bad practices and security issues that could result from DevShed's code.
I decided to click the link [in my feed reader] and give the article a read. Not overly shocking was the fact that I didn't find the content of the article to be, how shall I say this..., overly factual. It's not really a "tutorial", but more of a "here's some code that's secure". A quick review of the code found more than one vulnerability, and some significant things that I would change about it (as well as a few "really bad practices").
He walks through each of the files included in the original tutorial - Authenticate.php, Register.php and Logout.php - and talks about things like brute force detection, password verification, registration handling and session serialization. He finishes it off with a list of twelve overall issues he noticed during his work along with solutions for each (usually very simple ones too).
security review response devshed secure login tutorial
Devshed: Simple and Secure PHP Login Script
by Chris Cornutt July 28, 2011 @ 09:57:39
In this new tutorial on DevShed, they walk you through the creation of a secure login script that uses SHA-256 hashing, a captcha to prevent automated signups, XSS attack protection and several other features.
Recent advancements in PHP offer the developer a variety of tools to improve the security of login systems. [...] This programming tutorial will teach you how to create a simple, yet secure login script utilizing PHP using MySQL and bracing for XSS attack prevention.
Other features include no persistent logins, preventing direct file access, an idle timeout on the user session, protection against session fixation and anti-brute force measures. Full (procedural) code is provided as well as screenshots from phpMyAdmin showing the database table structure. You can grab the code for the project here.
simple secure login script user tutorial
NetTuts.com: Integrating Two-Factor Authentication with CodeIgniter
by Chris Cornutt June 27, 2011 @ 09:31:05
On NetTuts.com today they have a new tutorial showing you how to use two-factor authentication in your CodeIgniter-based application - a login process combining a username/password and access to a device that's authorized for the account.
Two-factor authentication is a way of proving your identity based on your username and password as well as a physical device that you can carry with you. This makes it much harder for crooks to steal your identity, since they will need access to your phone or hardware token - not just your login credentials.
They've chosen the free service offered by Duo Security that lets you approve the device in several ways including a phone call, SMS tokens and push-based authentication. They walk you through the setup of a Duo account, making an "Integration", grabbing the PHP and JavaScript files needed to make it work and changing up your user and administration module to send a bcrypted value to the service. They flesh it out with a new version of the view to include the Duo code and generating the signed request.
twofactor authentication codeigniter tutorial login duosecurity
PHPBuilder.com: Implementing User Authentication and Session Management with PHP
by Chris Cornutt May 18, 2011 @ 08:43:35
On PHPBuilder.com there's a new tutorial posted showing you how to create a user authentication system that uses sessions to handle the logged in user's information.
Outside of installation and configuration issues, reader questions pertaining to user authentication and session management almost certainly rank among the most common I receive on an ongoing basis. The logic itself is pretty straightforward; however, even a simple implementation involves a number of small but important details which aren't always so easy to figure out the first time around. This tutorial serves to dispel much of the confusion by guiding you through the implementation of a simple user authentication feature which will subsequently keep the user logged in via a session.
He helps you create the simple login form, a table in MySQL to store the user data in and the PHP script (complete with input filtering) to handle the login. The system also tracks the last login of each user by updating the table with a timestamp each time they successfully log in.
session management tutorial mysql database track login
Script-Tutorials.com: Creating a Modern Looking Animated Login System in PHP
by Chris Cornutt May 04, 2011 @ 09:15:58
New from the Script-Tutorials.com site there's a guide to getting a modern looking animated login system working on your PHP application. It uses jQuery to do some of the "modern" bits when the user logs in.
Today we will continue our PHP lessons, and our article will be about creating a modern PHP login system. Possibly you have already seen similar ways to display login forms, and today we will repeat this ourselves. As a result, it will be a small element in your page layout, and after clicking on it an area will appear where we will see a welcome message, a login form and other useful information. All very user friendly. So, it's time to try the demo.
You can start with the live demo or grabbing the code in a package to investigate or you can follow along in the post - full code and styling are provided.
animated login tutorial jquery css
phpDevelopment Blog: Zend Framework Tutorial Series Part 3 - Login and Signup with (RE)Captcha
by Chris Cornutt July 13, 2010 @ 12:30:32
In a new post to his phpDevelopment blog Andrei Gabreanu has added the third part of his Zend Framework tutorial series. This time he looks at using a CAPTCHA image in your form via a call to a Zend_Captcha component.
The third part of the tutorial series will present you with a fully functionable solution for a login and signup page that activates a RECaptcha, via Zend_Captcha as a Service, when the user attempts to login/signup 3 times and fails. The tutorial will also show you how to use your models and how to structure your business logic inside your module based application.
They help you set up the database configuration information, create a sample layout for the page, work with the authentication and users controllers and, of course, the form. The inclusion of the CAPTCHA is as easy as adding a Zend_Form_Element_Captcha to the Zend_Form instance and setting up the user/signin process.
zendframework login signup tutorial captcha