News Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Michael Kimsal:
Why do no almost no web frameworks come with any authentication/authorization?
February 22, 2013 @ 10:14:08

In a new post to his site Michael Kimsal poses an interesting question about something he's noticed in several frameworks - and not just PHP ones: there seems to be a lack of authentication/authorization functionality coming bundled in.

Why do almost no web frameworks provide any default authentication/authorization functionality, with default examples of best practices for common use cases. The standard response I've gotten for years was/is "well, everyone's needs for authentication are different". No, they are not. A (very?) large majority of web applications (which is what most web frameworks are used to build), require some form of user login and authorization management, and often self-registration, dealing with lost passwords, etc.

He points out that by not having something a user can immediately deploy that's been well tested and relatively risk-free, it can introduce security holes as a developer is "left to fend for themselves". He suggests that the "not everyone's the same" mentality that seems to go with authentication/authorization isn't as valid as once thought. He does point out that both Symfony2 and Zend Framework 2 come with ACL functionality, but no common user handling. He mentions ones in a few other tools used in other languages too like Devise in Ruby, Spring Security in Grails and a membership system in ASP.NET.

0 comments voice your opinion now!
framework opinion authorization authentication missing feature


blog comments powered by Disqus

Similar Posts

Marco Tabini's Blog: Thoughts for a new year: PHP as the new Java

Chris Hartjes: So You Want to Write Tests

Zend Developer Zone: Deleting indexes from Zend_Registry and why you shouldn't do it !

Padraic Brady's Blog: Namespaces (or Yet Another Pointless Opinion Piece)

Fabien Potencier's Blog: Create your own framework... on top of the Symfony2 Components (part 5)


Community Events

Don't see your event here?
Let us know!


wordpress extension framework language release development middleware api unittest community voicesoftheelephpant laravel5 interview library laravel opinion introduction conference series podcast

All content copyright, 2015 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework