forms - Implementing a log in/sign up feature -


so i'm intermediate web designer. want make website lets students @ university collaborate advertising work , being able apply. it's digital arts university , collaborating important everyone.

i want make site exclusive students @ uni, therefore need sign up/ log in feature, , have no idea need or how go it. i'm guessing databases required? have database knowledge, shouldn't problem.

i want make sign feature exclusive students e-mail domain specific uni. know possible, guessing require "verification" e-mails sent automatically, makes things harder.

so i'm asking, guidance on matter, if has experience or knows of resources use, great. ps. i'm not interested in having "profiles" , pages each member, want security feature more anything.

thanks alot!

i can't give perfect answer without understanding lots more environment, can point in right direction. but, before start, let me this:

warning: users reuse passwords across sites. so, while password database exposure site might not major problem (it doesn't sound you're storing credit card numbers or other sensitive material), may end exposing users @ other sites.

here ideas try in order of easiest (ie: secure) hardest (ie: riskiest):

  1. single sign-on (sso): organizations of moderate size have sso mechanism in place. allows program ask user login school account using school login , password. if login successful, you're program securely given email address of user authenticated. you'll need ask people in school's department this. asking them "do support oauth, saml, or similar sso can connect application?" should started. odds have sso mechanism may not let random apps connect it. you'll need see. solution best because gets out of authentication business altogether.
  2. use web framework's authentication system: many web frameworks support authentication out of box. example, if using jboss or .net, can leverage authentication system. you'll need read on framework you're using. i'm pretty sure php not support authentication out of box. if you're using option isn't available.
  3. find authentication library can leverage: start googling around open source authentication framework php or whatever framework you're using. if find one, you'll need install , configure it.
  4. write own: general strategy store username , salted hash of password. this reference on secure password storage should help.

as general rule security, more can leverage existing services, more secure solution be. try leverage else's work before getting creative.


Comments

Post a Comment

Popular posts from this blog

c# - Validate object ID from GET to POST -

i have method allows user access comment have made on site. have post method lets them update comment. my normal solution send entire comment model through, let them update it, update on database when post back. involve sending commentid through in hiddenfor , can manipulated. how can verify commentid sent in get method same i'm getting in post , not able alter comment wish? how can verify commentid sent in method same i'm getting in post? basically have validate following things in post - user logged-in user. authenticated users post comments. commentid in post , should valid commentid , should present in database. userid associated logged-in user should same userid associated comment . comment should contain userid column, can check @ time of update. to make sure update happens comment has been sent in get - hold commentid in session , in post action compare commentid value in session .
Read more

node.js - Custom Model Validator SailsJS -

when using custom model validator checks record within model. return within spread doesn't seem end control flow. //post.js model /** * custom validator **/ types: { isuservalid: function(user_id) { var promise = require('bluebird'); promise.all([ user.findone({id: user_id}) ]) .spread(function(user) { console.log(user); if (user === null || user === undefined) { console.log('failed'); return false; }else{ console.log('passed'); return true; } }); } }, my response standard validation failed response. { "error": "e_validation", "status": 400, "summary": "1 attribute invalid", "model": "post", "invalidattributes": { "owner": [ { "rule": "isuservalid", ...
Read more

php - Find a regex to take part of Email -

i have following emails need extract part from: bestellnummer xxx: 1 von xxx, 1er pack ------------- anfang der nachricht ------------- foo bar baz foo bar baz // <<<<< need text here ------------- ende der nachricht ------------- ------------- anfang der nachricht ------------- foo bar baz foo bar baz ------------- ende der nachricht ------------- there 0 unlimited occurences of ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- and i'm able extract first part regex: $re = "/------------- .*? -------------.?(.*?).?------------- .*? -------------/s"; but, i'm quite new on learning regex, i'm pretty sure there must better regex extract part (foo bar baz foo bar baz) of text between ------------- anfang der nachricht ------------- ------------- ende der nachricht ------------- as can in different languages, i'm using .? to match between hyphens. i...
Read more