tl;dr version I need a sexy session and authentication handler for a publicly accessible, internal company tool. Should I create my own or is there an existing tool everyone finds dreamy?
Here are my specifics:
Authentication: I've spent the past few weeks studying up on the dangers of user security in PHP and it seems the further down the rabbit hole you dive, the more there is to learn. I feel confident that I can write a system that rotates sessions on every request, can prevent XSS and XSRF, and generally protect my backend fairly well. I'm hesitant to look into existing tools simply because it's easier to trust and blame yourself than someone else.
Session Handling: The more I looked into security, the more pragmatic it seemed that it's smarter to use session handling inside a database instead of native to PHP. That way, you can build and monitor ACLs easier, clustering, etc.
My concern with a database structure is that if there are a few hundred people hammering on this database at a time altering their session_ids every page call, I could run into some performance issues at scale.
Originally I was planning on creating my own classes for this in PHP and use MySQL as the backend. Now I'm worried that MySQL would have concurrency issues. I've looked into NoSQL like MongoDB, but then I paralyze myself thinking that I may be OVERTHINKING the whole damn thing. Then after the brain freeze pain is over, I start to think "someone has to have already done this and I guarantee they've thought of everything I'm too stupid to consider."
I'm hoping there are greater minds out there that have encountered the same questions I am facing and have some advice for me. Is there something out there that you would trust for this type of purpose or should I continue down the path of writing my own and if so which tools do you think are the best option for such a task?
If you made it this far, thank you very much for your time and I look forward to hearing the thoughts of the community on this!
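Added example, not part of the original post or any reply: a database-backed PHP session handler of the kind the question describes, plus the session bootstrap, login and CSRF helpers around it. It assumes PHP 8.1+, a PDO connection in exception error mode, and a hypothetical `sessions` table whose schema is given in the comment; `bootSession`, `loginUser`, `csrfField` and `verifyCsrf` are illustrative names, not a library API.

```php
<?php
declare(strict_types=1);

// Hypothetical MySQL/InnoDB table, assumed for this example:
//   CREATE TABLE sessions (id VARBINARY(128) NOT NULL PRIMARY KEY,
//     data BLOB NOT NULL, expires_at INT UNSIGNED NOT NULL, KEY idx_expires (expires_at));

final class PdoSessionHandler implements SessionHandlerInterface, SessionUpdateTimestampHandlerInterface
{
    public function __construct(private PDO $db, private int $ttl = 1800) {}

    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        $stmt = $this->db->prepare('SELECT data FROM sessions WHERE id = ? AND expires_at > ?');
        $stmt->execute([$id, time()]);
        $data = $stmt->fetchColumn();
        return $data === false ? '' : $data;   // '' means "no session": PHP starts a fresh one
    }

    public function write(string $id, string $data): bool
    {
        // One atomic upsert: no read-modify-write race and no per-request transaction.
        $stmt = $this->db->prepare(
            'INSERT INTO sessions (id, data, expires_at) VALUES (?, ?, ?)
             ON DUPLICATE KEY UPDATE data = VALUES(data), expires_at = VALUES(expires_at)'
        );
        return $stmt->execute([$id, $data, time() + $this->ttl]);
    }

    public function destroy(string $id): bool
    {
        return $this->db->prepare('DELETE FROM sessions WHERE id = ?')->execute([$id]);
    }

    public function gc(int $max_lifetime): int|false
    {
        $stmt = $this->db->prepare('DELETE FROM sessions WHERE expires_at < ?');
        $stmt->execute([time()]);
        return $stmt->rowCount();
    }

    // Needed for session.use_strict_mode to reject attacker-chosen IDs (session
    // fixation): only IDs this server actually wrote to the table are accepted.
    public function validateId(string $id): bool
    {
        $stmt = $this->db->prepare('SELECT 1 FROM sessions WHERE id = ? AND expires_at > ?');
        $stmt->execute([$id, time()]);
        return (bool) $stmt->fetchColumn();
    }

    public function updateTimestamp(string $id, string $data): bool
    {
        $stmt = $this->db->prepare('UPDATE sessions SET expires_at = ? WHERE id = ?');
        return $stmt->execute([time() + $this->ttl, $id]);
    }
}

function bootSession(PDO $db): void
{
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);
    session_set_save_handler(new PdoSessionHandler($db), true);
    session_start();

    // Rotate on an interval and on privilege change rather than on every request:
    // parallel XHRs from one page would otherwise race on an ID that was just destroyed.
    if (($_SESSION['rotated_at'] ?? 0) < time() - 300) {
        session_regenerate_id(true);
        $_SESSION['rotated_at'] = time();
    }
}

function loginUser(int $userId): void
{
    session_regenerate_id(true);                      // fresh ID at the trust boundary
    $_SESSION['user_id'] = $userId;
    $_SESSION['csrf']    = bin2hex(random_bytes(32)); // per-session anti-CSRF token
}

function csrfField(): string
{
    return '<input type="hidden" name="csrf" value="'
        . htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8') . '">';
}

function verifyCsrf(array $post): bool
{
    return isset($post['csrf'], $_SESSION['csrf'])
        && hash_equals($_SESSION['csrf'], (string) $post['csrf']);
}
```

Two caveats a practitioner would want with this design. First, unlike PHP's file handler, this handler does not lock the session for the duration of a request, so two concurrent requests for the same session are last-writer-wins on `write()`; if that matters, keep the data stored in the session small and idempotent, or add `SELECT ... FOR UPDATE` inside a transaction in `read()`. Second, strict mode only works because the handler implements `validateId()`; without it PHP will happily adopt whatever ID the client sends, which is exactly the fixation scenario the database-backed design is meant to close.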
best use your own code, but that's just my opinion...
"someone has to have already done this and I guarantee they've thought of everything I'm too stupid to consider."
well that would be cool if you're right. but what if you're wrong.. will you look through the whole code of a framework :O ?
when you code it - you know what it does :)
and about db performance issues - cache all that you can in the session.
and I am sure if you code it with care yourself it will be faster than any framework...