[phpSecureSite-devel] Sessions?
Status: Alpha
Brought to you by:
egrinake
Menu
▾
▴
[phpSecureSite-devel] Sessions?
|
From: Woolhiser, E. <Eri...@bm...> - 2002-01-02 16:53:25
|
> -----Original Message----- > From: Erik Grinaker > Sent: Tuesday, January 01, 2002 15:07 > To: Woolhiser, Eric > > Yep, this is also the kind of scenario I'm designing the project for. > Large companies etc building a secure wep-app probably have developers > who are more than capable of handling the task themselves. > What I'd like > phpSecureSite to be is a quick and easy way for your average Joe Q. > Webmaster to add *secure* authentication and session-handling to their > webapp. Although I've seen all too many "professionally" made webapps > with a terrible, terrible, terrible security-scheme - which is why I > don't use php's session() family of functions, and rely on a > built-from-scratch session handling scheme, so that it can be easily > integrated into more complex applications, and fine-tuned to > perfection. > > As the system is today all you need is rw-access to the > filesystem (via > ftp or whatever) and full access to a mysql database. > OK, I gota ask, what do you think is wrong with using the session functions? If you are going to support sessions but not use the embedded functions, it sounds like you wish to re-invent the wheel here. Wouldn't phpSecureSite be more likely to thrive as an open source project if the code used the standard tool sets? |
