Comments (6)
Hey dreamer,
I really appreciate this. The reason I am using the encryption algorithm I am using now is for backwards compatibility with Redux Auth. It seems that Ion Auth has pretty much taken over Redux so backwards compatibility may not be an issue for much longer but then it would be an issue for the existing Ion Auth user base.
The best compromise would be to add this as a config option so existing installs don't break.
One thing I've been wanting to add for a while is a lockout, a five wrong passwords and you are locked out and must reset by email sort of thing. In your opinion is there any advantage in changing the hashing algorithm over adding a lockout? The only time I could see the advantage is if a hacker gained access to the DB data...
Thanks!
from codeigniter-ion-auth.
IMHO. I would add both. Actually lockout - is what I'm working on right now.
I wouldn't worry about backward compatibility - it's not like it's a commercial app.
You don't owe anything to anyone. If it's better - just implement it.
from codeigniter-ion-auth.
dreamer111: Remember that Ion Auth is the most used auth system around, used in PyroCMS and in several other commercial addons. As Ben is one of the contributors for PyroCMS I would strongly suggest we don't do anything to bust compatibility.
from codeigniter-ion-auth.
dreamer,
I've personally used Ion Auth in several commercial apps and a few enterprise apps, plus there are all the Pyro installs that Phil mentioned.
Backwards compatibility doesn't seem like a big deal until you need it. Causing hundreds or thousands of existing users to not be able to log in after a library upgrade ends up being a pretty big deal.
If you fork and send me a pull request for the lock out code I'll be glad to merge it in. Just don't add any additional tables, use the users table. And I will think about adding additional encryption options in as a config option at some point in the future.
Thanks!
from codeigniter-ion-auth.
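The lockout discussed in the comments above (five wrong passwords, reset by email, no extra tables), as an added example that is not Ion Auth's code or part of the thread. The `failed_logins` and `locked` columns, the function names and the sample account are assumptions, and it needs PHP with the pdo_sqlite extension.

```php
<?php
// Added example. Columns failed_logins and locked are hypothetical, not Ion Auth's schema.
const MAX_ATTEMPTS = 5;

function attempt_login(PDO $db, string $email, string $password): string
{
    $q = $db->prepare('SELECT id, password, locked FROM users WHERE email = ?');
    $q->execute([$email]);
    $user = $q->fetch(PDO::FETCH_ASSOC);
    if ($user === false) {
        return 'invalid';   // same result as a wrong password
    }
    if ((int) $user['locked'] === 1) {
        return 'locked';    // refused even with the right password until reset
    }
    if (password_verify($password, $user['password'])) {
        $db->prepare('UPDATE users SET failed_logins = 0 WHERE id = ?')->execute([$user['id']]);
        return 'ok';
    }
    // Count in SQL so concurrent requests cannot lose an increment.
    $db->prepare('UPDATE users SET failed_logins = failed_logins + 1 WHERE id = ?')
       ->execute([$user['id']]);
    $lock = $db->prepare('UPDATE users SET locked = 1 WHERE id = ? AND failed_logins >= ?');
    $lock->execute([$user['id'], MAX_ATTEMPTS]);
    return $lock->rowCount() === 1 ? 'locked' : 'invalid';
}

// Called only after the e-mailed reset link has been verified (that flow is not shown).
function complete_reset(PDO $db, string $email, string $newPassword): void
{
    $db->prepare('UPDATE users SET password = ?, failed_logins = 0, locked = 0 WHERE email = ?')
       ->execute([password_hash($newPassword, PASSWORD_DEFAULT), $email]);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE, password TEXT,
           failed_logins INTEGER NOT NULL DEFAULT 0, locked INTEGER NOT NULL DEFAULT 0)');
$db->prepare('INSERT INTO users (email, password) VALUES (?, ?)')
   ->execute(['user@example.com', password_hash('correct horse', PASSWORD_DEFAULT)]);

for ($i = 1; $i <= MAX_ATTEMPTS; $i++) {
    echo "attempt $i: ", attempt_login($db, 'user@example.com', 'wrong guess'), "\n";
}
echo 'right password: ', attempt_login($db, 'user@example.com', 'correct horse'), "\n";
complete_reset($db, 'user@example.com', 'new passphrase');
echo 'after reset: ', attempt_login($db, 'user@example.com', 'new passphrase'), "\n";
```

A per-account counter like this can be tripped by anyone who knows the address, so it is usually paired with rate limiting by source.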
I seriously question "PyroCMS commercial" use. AFAIK the Admin theme doesn't even support IE. Also - Phil seems to be a douche.
from codeigniter-ion-auth.
We turned over a few £k since the launch of our store and have over 10,000 installs, so yes it is commercial use. Besides, as Ben points out, I am not the only one using it; several of our friends (and a lot of the community) use Ion Auth, and it has become the de facto standard like Redux used to be.
Not sure what your attitude is about, but try to keep the conversation constructive. A config option for this would be fine.
from codeigniter-ion-auth.