A modern security best practice is to both implement and require a form of authentication beyond a simple password. This practice is known as “multifactor” authentication, as users will have a primary factor—their password—and a secondary factor to successfully authenticate to an application. Proper implementation of a multifactor authentication scheme keeps your application and its users safe and secure by […]

PHP is no longer limited to sitting behind a web server like Apache or NGINX waiting for requests to process. Serverless PHP with AWS’s lambda service is now possible. At the same time, you can also write event-driven, asynchronous servers with ReactPHP. In this issue, we take a look at these new ways to use PHP.

Proving the identity of a user isn’t the end of an application’s responsibilities: you must also verify the user is allowed to perform the actions they’re attempting. Conflating authentication (the act of identifying users) with authorization (the act of verifying their level of access within the system) is one of the most common ways applications have been breached in the recent past.

A solid practice in protecting user credentials is to never store passwords in plaintext on the server. Modern content management systems and PHP frameworks leverage strong one-way functions to store only hashes of passwords. This technique protects your users should your database ever be breached by an attacker. An even stronger mechanism, however, would never […]

Authentication is the foundation of your application’s security. Authentication separates guests from users and restricts functionality in your application to authenticated users. We can also take authentication a step further and completely offload the grunt work to some other service such a GitHub, Google, or any other third party authentication service provider.

By Arne Blankerts This article was published in the August 2017 issue of php[architect] magazine. You can see how it looks as part of the magazine in the Free Article PDF. Check out our subscription options to become one today. We have digital and print options starting at $4.99 per month. Requiring users to log […]

Read the August 2017 issue of the magazine. Topics this month include Google Authenticator, Single Sign On, job hunting, Zend Framework 3, RBAC, testing Laravel forms, and more.

Learn about designing security into your application from the start in the June 2017 issue of the magazine.

The April issue is available for download.This month, we look at multi-factor authentication, Homestead, Rocketeer deployments, API integrations, and more.

The April issue is available for download.This month, we look at multi-factor authentication, Homestead, Rocketeer deployments, API integrations, and more.