Re: [phplib-users] PHP 5.2 and PHPlib
From: Lindsay H. <fmo...@fm...> - 2008-08-23 14:52:29
On Fri, 2008-08-22 at 21:14 -0700, aric caley wrote:
> I think the current default handling of sessions in PHP sucks. I just
> got bit by some security holes due to session handling. I think there
> is still a need for a top notch, efficient and flexible session
> handling system.

The session handling in PHPlib is rooted in PHP3, before PHP implemented native session management in v4. It's database-oriented, which it no longer _needs_ to be, although I can conceive of situations in which it might be advantageous to use db-based session management as opposed to the native PHP session management.

I looked at some of the PHPlib session management code a couple of years ago with a view to rewriting some of it, and I came to the conclusion that there are some API features in PHPlib's session management that can't be easily reproduced using PHP's native session management.

> I also like the authentication system and it doesn't seem like there's
> many other good auth systems out there.

PEAR's Auth module is quite good. I believe it does challenge authentication by default. I wrote a class which I use frequently, based on the PHPlib perm and auth module APIs, using PEAR::Auth which combines both, and rides on top of native PHP4+ session management.

PHPlib was written before PEAR came out. PEAR contains much of the functionality that PHPlib contains, and is pretty solid, albeit not really well documented sometimes. It seems silly to re-invent the wheel here. On the other hand, I've found that the PEAR API is often excessively rich for simple applications, and using it requires one to nail down a lot of configuration params that could easily default to reasonable values 90% or so of the time. This is why I've written several classes for my own use which rely on PEAR but present the PHPlib API, which is relatively simple, not to mention the fact that I'm already familiar with it.
--
Lindsay Haisley       | "Everything works | Accredited
FMP Computer Services |  if you let it"   | by the
512-259-1190          |  (The Roadie)     | Austin Better
http://www.fmp.com    |                   | Business Bureau