NYCPHP Meetup

[Kenneth Downs]

bz-gmort at beezifies.com wrote:
> Kenneth Downs wrote:
>> That can only be done if the password is stored on the browser 
>> between requests.  No thanks!
>> At any rate, in principle I believe that sessions are a bad way to do 
>> things, they just have that bag-on-the-side feel.  The only permanent 
>> use of a session in Andromeda is to store user information, notably 
>> user_id and password.
>
> Why do you need to store the password?
>
> Once the user has authenticated, their authenticated.  You don't need 
> to keep a password lying around past that point unless you want to 
> make them re-authenticate each time they access some data.  And since 
> your storing that information on the server, it's somewhat irrelevant 
> to store it since your already trusting whatever other mechanisms you 
> have between the user and the server.

Database access.  Each trip to the server requires that you make a 
connection to the server.

In the PHP+MySQL world it is taken as an article of faith that you 
connect to the database as a super-user or admin, and your application 
code handles security.  But not everybody thinks this way.

That approach has many problems in a large-table-count system, including 
but not limited to documentation of security policies, effectiveness, 
efficiency, and scalability.  Probably the the most significant problem 
is that you cannot provide your customer's IT departments with true 
access to the database, which is a requirement to get some jobs.

As part of an overall more secure architecture, we connect the user to 
the database with a real database account, the database server is in 
charge of security and the program code has nothing to do with it.  In 
fact, the program by itself has no ability to connect to the database 
unless given credentials by a user.  This solves many problems, but it 
does require us to keep track of the user's password once they've given 
it to us, so that we can connect to the database on each of their 
requests. 

Hence my only use of a session.

>
> Though I would point out that with browsers these days, that password 
> is gonna be stored on the browser no matter what you do short of 
> embedding a flash or java applet to process the logon.  They save so 
> much information, the user might have to explicitly confirm saving the 
> address, but it will be saved.

True, you cannot stop the various "wallet" mechanisms from storing it 
<Sigh>.  But at least I did not add yet another :/


-- 
Kenneth Downs
Secure Data Software, Inc.
www.secdat.com    www.andromeda-project.org
631-689-7200   Fax: 631-689-0527
cell: 631-379-0010