6 Replies - 818 Views - Last Post: 09 December 2016 - 12:25 PM Rate Topic: -----

#1 Splashsky   User is offline

  • D.I.C Regular

Reputation: 11
  • View blog
  • Posts: 309
  • Joined: 25-August 13

User Authentication in 2016/2017

Posted 27 November 2016 - 07:08 PM

So I've been digging around in the "archives" of DIC and found some old stuff (2012/2011) regarding user authentication systems and I thought about modern security and how things change over time. I'm wondering what y'all's solution is for user authentication is; specifically for building such systems from scratch? I'm trying to build a new project from scratch to learn again what I forgot. However, there seems to be a lack of more recent guides on modern security, or any decent guides on managing user sessions with cookies. Anyone have some pointers on where to start?

Is This A Good Question/Topic? 0
  • +

Replies To: User Authentication in 2016/2017

#2 astonecipher   User is offline

  • Senior Systems Engineer
  • member icon

Reputation: 2523
  • View blog
  • Posts: 10,101
  • Joined: 03-December 12

Re: User Authentication in 2016/2017

Posted 27 November 2016 - 08:28 PM

Most of my systems have been modernized into RESTful APIs. I then use cURL authentication. This allows full separation of back-end to front end coding. Which means, the back-end stays the same and the front-end could be a desktop application, a web application, whatever that can consume a JSON string.
Was This Post Helpful? 0
  • +
  • -

#3 Splashsky   User is offline

  • D.I.C Regular

Reputation: 11
  • View blog
  • Posts: 309
  • Joined: 25-August 13

Re: User Authentication in 2016/2017

Posted 27 November 2016 - 08:59 PM

REST is interesting, but I think that's sort of outside the range of what I'm looking for at the moment. Could you elaborate on using cURL for authentication? REST and cURL are a tad more complicated than I know for the time being. ^^'
Was This Post Helpful? 0
  • +
  • -

#4 ArtificialSoldier   User is offline

  • D.I.C Lover
  • member icon

Reputation: 2021
  • View blog
  • Posts: 6,151
  • Joined: 15-January 14

Re: User Authentication in 2016/2017

Posted 28 November 2016 - 11:24 AM

cURL is just a way for the server to send requests. You would send the same kind of request that a browser would send, for example submitting a form or whatever else. You could create a post request, add fields and data, and send the request to the URL. You can still add all of the various headers and things to keep cookies propagating or whatever else. So cURL is just a way for the server to send the same kinds of requests that the browser sends. So the server would send a login request with the username and password, and presumably get some sort of token back like you would normally get a cookie, and send that token on further requests so that the API will know who you are. The token could also change on every request, that would be a little more secure.
Was This Post Helpful? 0
  • +
  • -

#5 Splashsky   User is offline

  • D.I.C Regular

Reputation: 11
  • View blog
  • Posts: 309
  • Joined: 25-August 13

Re: User Authentication in 2016/2017

Posted 29 November 2016 - 08:40 PM

Oh dear. It seems I'd have to learn how to separate my back-end from my front-end. I'm going a tad retro, I suppose, using the standard PHP-generates-HTML from earlier on. Any guides on where to start making a web... application, I suppose?
Was This Post Helpful? 0
  • +
  • -

#6 astonecipher   User is offline

  • Senior Systems Engineer
  • member icon

Reputation: 2523
  • View blog
  • Posts: 10,101
  • Joined: 03-December 12

Re: User Authentication in 2016/2017

Posted 29 November 2016 - 09:16 PM

Start playing with frameworks, which doesn't really matter; Template systems, like Twig; and really understanding MVC to start with. The whole process is a learning curve that never actually stops.
Was This Post Helpful? 0
  • +
  • -

#7 jay_fox   User is offline

  • New D.I.C Head

Reputation: -1
  • View blog
  • Posts: 6
  • Joined: 02-December 16

Re: User Authentication in 2016/2017

Posted 09 December 2016 - 12:25 PM

Using MVC and open id for authentication would be best!
Was This Post Helpful? -1
  • +
  • -

Page 1 of 1