News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Michael Kimsal:
Why do no almost no web frameworks come with any authentication/authorization?
February 22, 2013 @ 10:14:08

In a new post to his site Michael Kimsal poses an interesting question about something he's noticed in several frameworks - and not just PHP ones: there seems to be a lack of authentication/authorization functionality coming bundled in.

Why do almost no web frameworks provide any default authentication/authorization functionality, with default examples of best practices for common use cases. The standard response I've gotten for years was/is "well, everyone's needs for authentication are different". No, they are not. A (very?) large majority of web applications (which is what most web frameworks are used to build), require some form of user login and authorization management, and often self-registration, dealing with lost passwords, etc.

He points out that by not having something a user can immediately deploy that's been well tested and relatively risk-free, it can introduce security holes as a developer is "left to fend for themselves". He suggests that the "not everyone's the same" mentality that seems to go with authentication/authorization isn't as valid as once thought. He does point out that both Symfony2 and Zend Framework 2 come with ACL functionality, but no common user handling. He mentions ones in a few other tools used in other languages too like Devise in Ruby, Spring Security in Grails and a membership system in ASP.NET.

0 comments voice your opinion now!
framework opinion authorization authentication missing feature


blog comments powered by Disqus

Similar Posts

Frank de Jonge: A Case Against Coding Lingo

Richard Thomas' Blog: jQPie and Ext

JSClasses.org Blog: Lately in JavaScript podcast - Episode 5 (Javascript to Replace PHP?)

Lee Blue's Blog: What's The Best PHP Framework?

Joshua Eichorn's Blog: Cool Things in PHP5 azPHP Slides


Community Events





Don't see your event here?
Let us know!


community framework podcast security version laravel list conference symfony interview tool library series composer language introduction artisanfiles voicesoftheelephpant opinion release

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework