- html - 出于某种原因,IE8 对我的 Sass 文件中继承的 html5 CSS 不友好?
- JMeter 在响应断言中使用 span 标签的问题
- html - 在 :hover and :active? 上具有不同效果的 CSS 动画
- html - 相对于居中的 html 内容固定的 CSS 重复背景?
关闭。这个问题不满足Stack Overflow guidelines .它目前不接受答案。
想改善这个问题吗?更新问题,使其成为 on-topic对于堆栈溢出。
6年前关闭。
Improve this question
我看到有a few .哪些易于维护且易于使用?它们的优缺点是什么?
最佳答案
更新(2010 年 5 月 14 日):
事实证明,俄罗斯开发人员 Ilya Konyukhov 在阅读本文后接受了挑战,并按照以下建议和要求为基于 DX Auth 的 CI 创建了一个新的身份验证库。
以及由此产生的 Tank Auth看起来像 OP 问题的答案。我打算在这里大胆地将 Tank Auth 称为当今可用的 CodeIgniter 的最佳身份验证库。这是一个坚如磐石的库,具有您需要的所有功能,而且没有您不需要的臃肿:
坦克认证
Pros
- Full featured
- Lean footprint (20 files) considering the feature set
- Very good documentation
- Simple and elegant database design (just 4 DB tables)
- Most features are optional and easily configured
- Language file support
- reCAPTCHA supported
- Hooks into CI's validation system
- Activation emails
- Login with email, username or both (configurable)
- Unactivated accounts auto-expire
- Simple yet effective error handling
- Uses phpass for hashing (and also hashes autologin codes in the DB)
- Does not use security questions
- Separation of user and profile data is very nice
- Very reasonable security model around failed login attempts (good protection against bots and DoS attacks)
(Minor) Cons
- Lost password codes are not hashed in DB
- Includes a native (poor) CAPTCHA, which is nice for those who don't want to depend on the (Google-owned) reCAPTCHA service, but it really isn't secure enough
- Very sparse online documentation (minor issue here, since the code is nicely documented and intuitive)
Pros
- Very full featured
- Medium footprint (25+ files), but manages to feel quite slim
- Excellent documentation, although some is in slightly broken English
- Language file support
- reCAPTCHA supported
- Hooks into CI's validation system
- Activation emails
- Unactivated accounts auto-expire
- Suggests grc.com for salts (not bad for a PRNG)
- Banning with stored 'reason' strings
- Simple yet effective error handling
Cons
- Only lets users 'reset' a lost password (rather than letting them pick a new one upon reactivation)
- Homebrew pseudo-event model - good intention, but misses the mark
- Two password fields in the user table, bad style
- Uses two separate user tables (one for 'temp' users - ambiguous and redundant)
- Uses potentially unsafe md5 hashing
- Failed login attempts only stored by IP, not by username - unsafe!
- Autologin key not hashed in the database - practically as unsafe as storing passwords in cleartext!
- Role system is a complete mess: is_admin function with hard-coded role names, is_role a complete mess, check_uri_permissions is a mess, the whole permissions table is a bad idea (a URI can change and render pages unprotected; permissions should always be stored exactly where the sensitive logic is). Dealbreaker!
- Includes a native (poor) CAPTCHA
- reCAPTCHA function interface is messy
Pros
- Very full featured
- Mostly quite well documented code
- Separation of user and profile data is a nice touch
- Hooks into CI's validation system
- Activation emails
- Language file support
- Actively developed
Cons
- Feels a bit bloated (50+ files)
- And yet it lacks automatic cookie login (!)
- Doesn't support logins with both username and email
- Seems to have issues with UTF-8 characters
- Requires a lot of autoloading (impeding performance)
- Badly micromanaged config file
- Terrible View-Controller separation, with lots of program logic in views and output hard-coded into controllers. Dealbreaker!
- Poor HTML code in the included views
- Includes substandard CAPTCHA
- Commented debug echoes everywhere
- Forces a specific folder structure
- Forces a specific Ajax library (can be switched, but shouldn't be there in the first place)
- No max limit on login attempts - VERY unsafe! Dealbreaker!
- Hijacks form validation
- Uses potentially unsafe md5 hashing
Pros
- Good feature set for its tiny footprint
- Lightweight, no bloat (3 files)
- Elegant automatic cookie login
- Comes with optional test implementation (nice touch)
Cons
- Uses the old CI database syntax (less safe)
- Doesn't hook into CI's validation system
- Kinda unintuitive status (role) system (indexes upside down - impractical)
- Uses potentially unsafe sha1 hashing
Pros
- Small footprint (6 files)
Cons
- Lacks a lot of essential features. Dealbreaker!
- Everything is hard-coded. Dealbreaker!
Pros
- Lightweight and simple to integrate with CodeIgniter
- Supports sending emails directly from the library
- Well documented online and good active dev/user community
- Simple to implement into a project
Cons
- More complex DB schema than some others
- Documentation lacks detail in some areas
Pros
- Tiny footprint (4 files)
- Minimalistic, absolutely no bloat
- Uses phpass for hashing (excellent)
Cons
- Only login, logout, create and delete
- Lacks a lot of essential features. Dealbreaker!
- More of a starting point than a library
- Tiny footprint with optional test implementation
- Full documentation
- No autoloading required. Just-in-time loading of libraries for performance
- Language file support; no hard-coded strings
- reCAPTCHA supported but optional
- Recommended TRUE random salt generation (e.g. using random.org or random.irb.hr)
- Optional add-ons to support 3rd party login (OpenID, Facebook Connect, Google Account, etc.)
- Login using either username or email
- Separation of user and profile data
- Emails for activation and lost passwords
- Automatic cookie login feature
- Configurable phpass for hashing (properly salted of course!)
- Hashing of passwords
- Hashing of autologin codes
- Hashing of lost password codes
- Hooks into CI's validation system
- NO security questions!
- Enforced strong password policy server-side, with optional client-side (Javascript) validator
- Enforced maximum number of failed login attempts with BEST PRACTICES countermeasures against both dictionary and DoS attacks!
- All database access done through prepared (bound) statements!
关于php - 我应该如何为 CodeIgniter 选择身份验证库?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/346980/
Java 库和 android 库有什么区别,各自有什么优点/缺点? 最佳答案 您可以在 Android 应用程序中包含标准 Java .jar 文件库。它们在 .apk 构建时被翻译成 Dalvik
所以,我现在的代码就像从 Java 层加载库(比如 liba.so),并在内部 liba.so 加载 libb.so。因此,如果我必须将所有库打包到 APK 中并将其安装在没有 root 访问权限的设
我想在我的系统中设置 LEDA 库。 我已经从以下链接下载了 LEDA 库 http://www.algorithmic-solutions.info/free/d5.php Instruct
我想用 autoconf 创建一个共享库。但是,我希望共享库具有“.so”扩展名,而不是以“lib”开头。基本上,我想制作一个加载 dlopen 的插件。 .是否有捷径可寻? 当我尝试使用 autoc
我需要在 Apps 脚本应用程序上修改 PDF。为此,我想使用 JS 库:PDF-LIB 我的代码: eval(UrlFetchApp.fetch("https://unpkg.com/pdf-lib
我正在构建一个使用以下 Boost header 的程序(我使用的是 Microsoft Visual C++ 10), #include #include #include #include
当我通过 cygwin 在 hadoop 上运行此命令时: $bin/hadoop jar hadoop-examples-*.jar grep input output 'dfs[a-z.]+' 我
我已经通过 vcpgk 成功安装了一个 C++ 库,名为:lmdb:x64-windows 我还安装了lmdb通过 Cabal 安装的 Haskell 绑定(bind)包 在尝试测试 lmdb 包时:
我该如何解决这个问题? 我刚刚将 javacv jar 文件复制到我的项目 Lib 文件夹下,但出现了这个错误! 我可以找到这个thread来自谷歌,但不幸的是,由于我国的谷歌限制政策,该页面无法打开
我有一个 Android 库项目 FooLib。 FooLib 引用 Android Context 之类的东西,但不需要任何资源文件(res/ 中的东西)所以我目前将其打包为供我的应用使用的 JAR
我正在开发一个 Android 应用程序(使用 Android Studio),它能够通过手势识别算法了解您正在进行的 Activity 。对于我使用 nickgillian ithub 帐户上可用的
关于从 .NET Framework 项目中引用 .NET Standard 类库的问题有很多类似的问题,其中 netstandard 库中的 NuGet 包依赖项不会流向 netframework
我已经从互联网上下载了 jna-4.2.2.jar,现在想将这个 jar 导入到我的项目中。但是当我试图将这个 jar 导入我的项目时,出现以下错误。 [2016-06-20 09:35:01 - F
我正在尝试通过编译在 Mac 上安装 rsync 3.2.3。但是,我想安装所有功能。为此,它需要一些库,此处 ( https://download.samba.org/pub/rsync/INSTA
进入 Web 开发有点困难。过去 5 年我一直致力于 winforms 工作。所以我正在努力从一种切换到另一种。前段时间,我使用过 JavaScript,但现在还没有大量的 JavaScript 库
很难说出这里要问什么。这个问题模棱两可、含糊不清、不完整、过于宽泛或夸夸其谈,无法以目前的形式得到合理的回答。如需帮助澄清此问题以便重新打开,visit the help center . 关闭 1
我正在寻找一个用Python编写的与logstash(ruby + java)类似的工具/库。 我的目标是: 从 syslog 中解析所有系统日志 解析应用程序特定日志(apache、django、m
就目前情况而言,这个问题不太适合我们的问答形式。我们希望答案得到事实、引用资料或专业知识的支持,但这个问题可能会引发辩论、争论、民意调查或扩展讨论。如果您觉得这个问题可以改进并可能重新开放,visit
我花了几天时间试图寻找用于 JavaPOS 实现的 .jar 库,但我找不到任何可以工作的东西。我找到了很多像这样的文档:http://jpos.1045706.n5.nabble.com/file/
这个问题在这里已经有了答案: Merge multiple .so shared libraries (2 个答案) 关闭 9 年前。 我有我在代码中使用的第三方库的源代码和对象。该库附带有关如何使
我是一名优秀的程序员,十分优秀!