Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
Can anyone help me out to find the best encryption method for codeigniter?
hi you can use md5 php function to encryt password string while login you have to check hash of string with hash saved in database there is one good post for password encryption you can read that
stackoverflow post
here are two good libraries for creating encrypted password
PHP Password library
PHPass
codeigniter auth library like tank auth using PHPass for encrypting password
I generally use SHA1 with some static salt concatenated to it.
In few months a new php password API will be available.
https://gist.github.com/3707231
Its greatest advantage is that it hugely simplifies existing hashing APIs while still maintaining a high level of security.
Use password_compat from github.
Implements the new PHP 5.5 password hasing logic but you can use it now for older PHP versions
Link: GITHUB PASSWORD_COMPAT
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 3 years ago.
Improve this question
I'm trying to figure out what's the correct way to authenticate users with Passport for a Vue SPA. I can't figure out which grant type I should use considering that implicit grant is not recommended by IETF’s OAuth working group and the other methods require to pass the client_secret with the request, I'm a bit lost...
I was thinking password grant but I receive a refresh token and it’s not really secure to store it in the localstorage.
I also thought about the cookie injected by laravel passport in every request but I can’t find out how to login from my SPA with this approach...
Any lead on what’s the best / more secure way to do this ?
Thanks!
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I'm new in laravel, I want to create basic Laravel API without login authentication to get the token. Is there a way to create a static API token that can access fron header?, any answer would be appreciated.
You should use Laravel Passport definitely.
Documentation of Passport and underlying Oauth2 Server, could be a way better.
But despite this fact, it is a way to go, for building real, good working API.
If you want to use password grant token only (which is the most used scenario) then this post might be helpful to you...
You can do it using Laravel Passport. Read the documentation here https://laravel.com/docs/5.6/passport
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I am writing a Springboot application that needs to authenticate users to an OAuth2 client provided by another group. The OAuth2 client provides two authentication schemes: form and sso. The application I am building needs to use the sso scheme because the application has no option to redirect the user to a login form.
Spring security contains an enum that provides the security.oauth2.client.client-authentication-scheme options that can be used, sso is not one provided so I need to be able to somehow extend this or provide a custom option.
Ultimately the application needs to generate a GET request that will take this form: https://iapi.mycompany.com/authentication-service/v2/authorize?response_type=code&client_id=myClientIdHere&redirect_uri=https:/myclient.mycompany.com/redirect&state=someStateString&login_method=sso
As far as I can tell it's really only the login_method=sso part which is the custom part that needs producing. Any ideas on how I can convince Spring security to do this for me?
Turns out the solution is to comment out the security.oauth2.client.client-authentication-scheme property in application.properties and to append ?login-method=sso to the security.oauth2.client.user-authorization-uri property.
Final property looks like this:
security.oauth2.client.user-authorization-uri=https://iapi.mycompany.com/authentication-service/v2/authorize?login_method=sso
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 9 years ago.
Improve this question
I am new to Laravel and I noticed that it has an auth library but I would like to know what threats does it protect against. For example, does it use any technique to protect against brute force attacks?
Laravel Auth library/class only autheticate the user (or whatever you may authenticate) in your system and using it with the filters, you can garantee that the user only see what is permited for him to see. It does not really care in secure your system against attacks, for exemple. That's is on you!
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 3 years ago.
Improve this question
I'm developing eBay Sinatra application and need to authenticate an user by their login and password to give them the ability to request their information from eBay by themself. By authentication I mean authentication by redirection (or something like) to eBay and entering their login and password. It's similar to Facebook authentication.
I did a research but found almost zero.
Your suggestions?
Omniauth has a strategy for ebay authentication. I haven't used it but omniauth is a competent gem for handling different login strategies for various sites out there. Recently I have used omniauth with rails but a couple of months ago I did likewise with padrino so I think it should work nice with pure sinatra also.