News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Zend Developer Zone:
How to avoid Identity Theft in Zend Framework with Zend Auth
March 05, 2010 @ 10:59:28

On the Zend Developer Zone there's a new tutorial for those using the Zend Framework (and more specifically the Zend_Auth component) on a way that you can prevent identity theft in validating your users.

As I am building my applications, I always try to improve the code I write in some way. Today I thought about the security issues of any PHP application that uses an authenticating system. [...] There is one particular issue that bugged me for some time. The Identity theft - Broken account and session management issue. Why can one so easily still my session id cookie and suddenly gain access to my account in one particular web application?

He shares a class he's developed as a guideline to help your application automatically test to ensure that the information being given by the user is valid. It checks a security level and validates against the user agent and remote IP of the user to ensure they match. These two criteria might not always be the best choices, but it gives you a push in the right direction.

Code is also included to show how to integrate it into your Zend Framework application by loading it into your base controller and using the "hasIdentity" and "hasSecureIdentity" methods to check the user's credentials.

0 comments voice your opinion now!
zendframework tutorial zendauth security


blog comments powered by Disqus

Similar Posts

Zend Developer Zone: Zend Framework's MVC Introduces the ViewRenderer

NetTuts.com: Laravel Unwrapped: Session, Auth and Cache

Gabi Solomon's Blog: Using Zend Framework Language Component

DZone.com: The PHP frameworks poll results

ReadyToBeServed.com: Web Host May Ask Client To Cover Cost Of Hack


Community Events





Don't see your event here?
Let us know!


api list code interview podcast development version application laravel introduction release series developer framework deployment conference language zendserver community tips

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework