开发者

Is PEAR Auth really a viable option for PHP authentication?

Looking at How can I store my users' passwords safely?, the best way to encrypt passwords is using phpass. I want to use PEAR Auth package for authentication, but PEAR only supports md5, sha1, sha256, sha512 and PEAR doesn't add a salt to the hash.

PEAR Auth also doesn开发者_如何学编程't support many of the features that are listed in How should I choose an authentication library for CodeIgniter?

  • reCAPTCHA supported
  • Activation emails
  • Unactivated accounts auto-expire
  • Uses phpass for hashing (and also hashes autologin codes in the DB)
  • Very reasonable security model around failed login attempts (good protection against bots and DoS attacks)
  • "Remember me" functionality

My question is: is PEAR Auth really a viable choice? It seems to use it, I will have to write all the missing features myself. Is there a better, more feature-rich Auth library that is not wrapped inside a framework? I just want basic, secure authentication for my simple web app.


If its only about the password hashing, I'd recommend using bcrypt. How you can use it in PHP is already a topic of a discussion.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜