How can I simplify user authorization as much as possible?

Question

How can I simplify user authorization as much as possible?

I am developing a small website where I am going to allow the user to create accounts, but I have absolutely no idea when it comes to security when logging in.

I built my PHP project using codeigniter and found a library ( Tank Auth ) that could handle authorization for me. It stores the password securely, but I'm still worried about the part when the user sends their password to my server.

One easy way to do this is to send the password in a post request, but I would suggest that it is fairly easy to sniff such a password. Do I have to do something with the password on the client side before sending it to my server? And are there any good javascript libraries for this?

+3

security php login authorization codeigniter

Irro Jun 12 '10 at 14:58

source share

4 answers

symcbean · Answer 1 · 2010-06-12T21:51:24+0000

According to others, SSL is the preferred migration method.

David Watter measured hashing - there’s a detailed discussion of the process here

An alternative approach is to rely solely on external providers to process your authentication for you - openid , which is the most obvious candidate.

NTN

WITH.

David Wolever · Answer 2 · 2010-06-12T15:18:19+0000

You can spoof with hashing on the client side, but authentication over a secure connection (HTTPS) is generally considered sufficient.

MITM... MITM SSL- , , , , .

Kurucu · Answer 3 · 2010-06-12T19:42:11+0000

, SSL , . IP- .

, , , , . , MITM ; , , .

() - , .

Cetra · Answer 4 · 2010-06-12T15:18:49+0000

SSL, , .

If you encrypt it with something like rot13, etc., it will easily cancel.

As already mentioned, you would like to make sure that the security of your site is not dependent on Javascript, as this can be easily disabled.

Any other operations performed on the client side can be easily violated.

How can I simplify user authorization as much as possible?

More articles: