Has anybody tried out simpleloginsecure authentication library for codeigniter? I like that it has such a small footprint. Also it uses phpass for hashing which is supposed to be good. I am concerned that it does not store session data in the database (i.e. $config['sess_use_database'] = FALSE;). I guess I could add custom functionality. But if the hashing is secure is it still important to validate session data or is it ok not to store it in the db?
views:
412answers:
2Hi there,
Provided there are no glaring SQL injection vulnerabilities, and the passwords are salted before encyption, I wouldn't hesitate to use the library.
Sessions on the filesystem is only really a problem if you are running your application on multiple servers. You can extend PHP's inbuilt session handler to use the database, anyway.
I am sure simpleloginsecure is secure enough for production use for most smaller applications. This has become the authoritative post on Codeigniter authentication libraries.. it has a rundown of all the pros-cons of the major libraries, including simpleloginsecure:
Update: Also, zend-auth (courtesy of the zend framework) is supposed to be very good, and can be integrated into Codeigniter. I am working on integrating it myself for one of my side projects: http://freakauth.4webby.com/tutorials/using-zend-framework-components-in-code-igniter