
Is PEAR Auth really a viable option for PHP authentication?

Developer https://www.devze.com 2023-03-26 13:45 Source: Internet

Looking at How can I store my users' passwords safely?, the best way to encrypt passwords is using phpass. I want to use PEAR Auth package for authentication, but PEAR only supports md5, sha1, sha256, sha512 and PEAR doesn't add a salt to the hash.

PEAR Auth also doesn't support many of the features that are listed in How should I choose an authentication library for CodeIgniter?

  • reCAPTCHA supported
  • Activation emails
  • Unactivated accounts auto-expire
  • Uses phpass for hashing (and also hashes autologin codes in the DB)
  • Very reasonable security model around failed login attempts (good protection against bots and DoS attacks)
  • "Remember me" functionality

My question is: is PEAR Auth really a viable choice? It seems that to use it, I will have to write all the missing features myself. Is there a better, more feature-rich Auth library that is not wrapped inside a framework? I just want basic, secure authentication for my simple web app.


If it's only about the password hashing, I'd recommend using bcrypt. How you can use it in PHP is already a topic of a discussion.

0
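
An added example (not part of the original question or answer, and not PEAR Auth or phpass code): it contrasts the unsalted digests named in the question with bcrypt through PHP's built-in `password_hash()`, and shows a legacy unsalted SHA-1 record being upgraded at login. The function name `verify_and_upgrade`, the cost of 12 and the sample password are assumptions made for illustration.

```php
<?php
// Added example: legacy unsalted hash vs bcrypt, with upgrade-on-login.
// verify_and_upgrade() and all sample values are constructed for illustration.

const BCRYPT_OPTS = ['cost' => 12]; // assumed work factor; tune for your hardware

/**
 * Check $password against $stored.
 * Returns [bool $ok, ?string $newHash]; a non-null $newHash means the caller
 * should overwrite the stored value with it.
 */
function verify_and_upgrade(string $password, string $stored): array
{
    // password_get_info() reports 'unknown' for anything password_hash() did not produce.
    if (password_get_info($stored)['algoName'] === 'unknown') {
        // Legacy record: unsalted SHA-1 hex digest, compared in constant time.
        $ok = hash_equals($stored, sha1($password));
        return [$ok, $ok ? password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTS) : null];
    }
    if (!password_verify($password, $stored)) {
        return [false, null];
    }
    // Already bcrypt: re-hash only if the cost has been raised since it was stored.
    $new = password_needs_rehash($stored, PASSWORD_BCRYPT, BCRYPT_OPTS)
        ? password_hash($password, PASSWORD_BCRYPT, BCRYPT_OPTS)
        : null;
    return [true, $new];
}

$pw = 'correct horse battery staple'; // constructed sample password

// Unsalted digest: every user with this password gets the same stored value,
// so one precomputed table or one cracked entry covers all of them.
var_dump(sha1($pw) === sha1($pw));

// bcrypt: a random salt is generated per call and embedded in the output,
// so the two stored values differ while both still verify.
$a = password_hash($pw, PASSWORD_BCRYPT, BCRYPT_OPTS);
$b = password_hash($pw, PASSWORD_BCRYPT, BCRYPT_OPTS);
var_dump($a === $b);
var_dump(password_verify($pw, $a) && password_verify($pw, $b));

// A legacy SHA-1 record is accepted once, then replaced by a bcrypt hash.
[$ok, $upgraded] = verify_and_upgrade($pw, sha1($pw));
var_dump($ok, password_get_info($upgraded)['algoName']);

// The upgraded record verifies and needs no further re-hash.
var_dump(verify_and_upgrade($pw, $upgraded));
```

bcrypt only considers the first 72 bytes of the password, which matters if input is pre-processed or unusually long.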
