All Questions
Tagged with php authentication
95 questions
1 vote
1 answer
34 views
Does PHP's Composer provide cryptographic authentication and integrity validation?
Does PHP's Composer package manager cryptographically validate its payload's authentication and integrity for all packages after downloading them and before installing them? I see a lot of guides ...
0 votes
1 answer
957 views
Implementing secure two factor authentication with Google Authenticator?
I would like to add two factor authentication to a login screen. My understanding of the process is the following: Generate a QR Code Scan this Code with Google Authenticator app Use a library to ...
2 votes
0 answers
909 views
What's the best way to handle authentication across multiple different domains under the same service?
For a social networking site example.com, users all have their own domains. How can you keep someone seamlessly authenticated across all domains? For the main site, example.com, I am currently using: ...
0 votes
1 answer
192 views
Is the authentication system of this website secure enough?
Since I write an API for a website, I'm interested in its login system and its requests, but something bothered me: I have the impression that the security system is weak... When I log in, I send POST ...
1 vote
2 answers
3k views
JSON Web Token secret storage
I'm building an app where the client will be issued a JWT. The JWT will be passed to my API for every request. I'm leaning in the direction of hosting my webserver and SQL server separately from each ...
3 votes
1 answer
454 views
Does it make sense to have the application block users by IP as well as the firewalls?
I am planning to create a system, but I still have some questions about security. I would like to know if it makes sense to block unauthorized users from accessing the system, through the IP, using a ...
0 votes
3 answers
325 views
Is my login script secure – how to improve it?
I have a login system for my website that works as follows: In the database I have a table called users with the fields user, password and authentication_token. user gets set manually by request in ...
2 votes
1 answer
160 views
Explaining a bad approach - not comparing hashes
Today I saw a snippet of code for authentication logic: function checkPass($pass, $login){ $inputedPass = $pass; $req = $bdd->prepare('SELECT password FROM agents WHERE password = ...
2 votes
1 answer
317 views
What is the recommended way to generate API tokens using Laravel framework?
I'm a newbie in terms of security, but I need a suggestion to make sure the connection between an API and mobile apps is secure. I'm currently using the Laravel framework. Based on its documentation ...
-2 votes
1 answer
894 views
Prevent unauthorized download of files from a webserver [closed]
So I have a webserver and I would like to have users log in and then be able to download an exe file directly from the webserver. The issue with this is that users can easily download the file directly ...
2 votes
1 answer
5k views
Backend Authentication of Mobile App: Session ID vs. OAuth
Currently I am developing an iOS/Android app and a corresponding backend in PHP. In the last days I read a lot about user authentication and now I am a bit confused. For now I am using a session ID ...
1 vote
1 answer
131 views
Does PHP redirect information disclosure also apply to other languages or frameworks?
When redirecting using header("Location: MyPage.php"); in PHP, any code present after will be executed. So, if you're using this as a way to avoid users accessing pages where they should be logged in, ...
2 votes
1 answer
217 views
Is this schema between a Desktop App and an API secure?
From my previous question: How secure is this schema between a Desktop App (c++) and an API (php). Introduction I made a paid Desktop-app that required constant internet connection (because of its ...
1 vote
1 answer
270 views
How secure is this schema between a Desktop App (c++) and an API (php)
As the title says, I'm writing a paid Desktop App that automates some process. It indirectly requires an internet connection because MY app automates another Desktop app that requires an internet connection. ...
0 votes
1 answer
3k views
Security issues with using JWT + cookies for session authentication?
Trying to get my head around not using traditional $_SESSIONS to keep user logged-in across pages. Are there security issues with storing JWT in cookies to authenticate a user session? Here's a bare ...