
Zend Developer Zone:
How to avoid Identity Theft in Zend Framework with Zend Auth
March 05, 2010 @ 10:59:28

On the Zend Developer Zone there's a new tutorial for those using the Zend Framework (and more specifically the Zend_Auth component) on how to prevent identity theft when validating your users.

As I am building my applications, I always try to improve the code I write in some way. Today I thought about the security issues of any PHP application that uses an authenticating system. [...] There is one particular issue that bugged me for some time. The Identity theft - Broken account and session management issue. Why can one so easily steal my session id cookie and suddenly gain access to my account in one particular web application?

He shares a class he's developed as a guideline to help your application automatically test to ensure that the information being given by the user is valid. It checks a security level and validates against the user agent and remote IP of the user to ensure they match. These two criteria might not always be the best choices, but it gives you a push in the right direction.

Code is also included to show how to integrate it into your Zend Framework application by loading it into your base controller and using the "hasIdentity" and "hasSecureIdentity" methods to check the user's credentials.
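
A sketch of the kind of check described above, as an added example that is not the tutorial's own code. The SessionBinding class, its LEVEL_* constants and the sample requests are assumptions made for illustration; only the hasIdentity and hasSecureIdentity method names come from the summary, and the session is a plain array so the block runs without Zend Framework.

```php
<?php
// Added example: SessionBinding is a hypothetical class, not the tutorial's code.
final class SessionBinding
{
    const LEVEL_NONE = 0;        // identity only
    const LEVEL_USER_AGENT = 1;  // identity + User-Agent
    const LEVEL_UA_AND_IP = 2;   // identity + User-Agent + remote IP
    private $level;

    public function __construct(int $level) { $this->level = $level; }

    // Hash of the client attributes covered by the configured level.
    private function fingerprint(array $server): string
    {
        $parts = [];
        if ($this->level >= self::LEVEL_USER_AGENT) {
            $parts[] = $server['HTTP_USER_AGENT'] ?? '';
        }
        if ($this->level >= self::LEVEL_UA_AND_IP) {
            $parts[] = $server['REMOTE_ADDR'] ?? '';
        }
        return hash('sha256', implode("\n", $parts));
    }

    // Call once, right after a successful login.
    public function bind(array &$session, array $server, string $identity)
    {
        $session['identity'] = $identity;
        $session['fingerprint'] = $this->fingerprint($server);
    }

    public function hasIdentity(array $session): bool { return isset($session['identity']); }

    // True only if the request still matches the client that logged in.
    public function hasSecureIdentity(array $session, array $server): bool
    {
        return $this->hasIdentity($session)
            && hash_equals($session['fingerprint'] ?? '', $this->fingerprint($server));
    }
}
// Constructed requests (documentation address ranges).
$login   = ['HTTP_USER_AGENT' => 'Mozilla/5.0 Firefox/3.6', 'REMOTE_ADDR' => '192.0.2.10'];
$other   = ['HTTP_USER_AGENT' => 'ExampleClient/1.0', 'REMOTE_ADDR' => '198.51.100.7'];
$roaming = ['HTTP_USER_AGENT' => $login['HTTP_USER_AGENT'], 'REMOTE_ADDR' => '203.0.113.5'];
$session = [];
$guard = new SessionBinding(SessionBinding::LEVEL_UA_AND_IP);
$guard->bind($session, $login, 'alice');
var_dump($guard->hasSecureIdentity($session, $login));   // same client
var_dump($guard->hasSecureIdentity($session, $other));   // different client, same session
var_dump($guard->hasSecureIdentity($session, $roaming)); // same browser, new IP
```

The third request is rejected even though it comes from the same browser, which is the trade-off behind the remark that these two criteria might not always be the best choices. In every case hasIdentity still reports a logged-in user, so the stricter method is the one that has to gate protected actions.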

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework