
Resonant Core:
Remember Me Safely - Secure Long-Term Authentication Strategies
February 02, 2015 @ 11:18:42

On the Resonant Core blog there's a new post from Scott Arciszewski looking at some strategies for secure long-term authentication (usually in the form of "Remember Me" functionality).

Let's say you have a web application with a user authentication system, wherein users must provide a username (or email address) and password to access certain resources. Let's also say that it's properly designed (it uses password_hash() and password_verify() and rate-limiting; it doesn't have any SQLi or XSS flaws). Everything is going well for a while, but eventually your users would like the convenience of a "Remember me on this computer" button. What do you do?

He proposes a few different solutions including:

  • storing credentials from the database in a cookie (a bad idea),
  • generating a unique token when the user requests "remember me" and storing it in a cookie,
  • using two pieces of information, a random token and an "authenticator", for validation.

He points out why the first two solutions aren't the best approaches and then gets into the details of how to handle the last recommendation. He includes both the SQL and the PHP code to make the token creation and verification work, performing an auto-login when the two values provided match up.


Link: https://resonantcore.net/blog/2015/02/remember-me-safely-secure-long-term-authentication-strategies

HHVM Blog:
HHVM Long Term Support
September 03, 2014 @ 10:50:20

The HHVM (HipHop VM from Facebook) team has posted an update on their blog today discussing the long-term support they plan to provide for the project and what it will involve.

HHVM is known for its very intense and quick development pace: currently we ship to GitHub the exact same code we use to run the Facebook site within minutes of every commit, and we release a full version every 8 weeks. That is great and at the same time scary if you are trying to build a business or infrastructure around it. The HHVM team at Facebook understands that in order to reach every corner of the PHP landscape our users need to have some sort of commitment, in order to plan their deployments accordingly and to know how upstream will react to security and stability fixes in already released versions, for example.

Starting with HHVM v3.3, they'll be supporting two major versions at all times. They provide a table of versions and dates to give you an idea of when each support period begins and ends. There's also some discussion of the packages released for the various Linux distributions and what kinds of updates might be included in the long-term support (LTS) releases.


Link: http://hhvm.com/blog/6083/hhvm-long-term-support



All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework