Authenticate Silverstripe users using Core PHP -


my client has website , backend made silverstripe. client wants mobile app , wants me build api communicate database. unfortunately wants me use other framework, or core php implementation pdo.

my problem:

how silverstripe encrypt password? how manually authenticate users using plain php. logic encrypt/hash (like silverstripe does) user input enough me.

unfortunately wants me use other framework, or core php implementation pdo

you, developer, have ability tell client why might wrong this.

if website/application built silverstripe should have good/specific reason not continue use implement api on top of silverstripe data - makes perfect sense use silverstripe this, , little sense rewrite parts of silverstripe framework sake of "not using silverstripe."

it's important mention client underlying encryption/hashing algorithms silverstripe implements not part of public api, , hence can change without requiring explicit notice given developers. mean default algorithm changed (for example if zero-day exploit found in blowfish algorithm) , mobile app stop working. using silverstripe api not have same problem.

the above applies general data structure of silverstripe. let's assume 1 day decide move away flat tables eav database storage design - public api (classes public methods) stay same while backend classes separate accessibility processing , data storage change. you have update api too, if build yourself!

how silverstripe encrypt passwords?

it depends - the default method encryption blowfish algorithm, there half dozen or (in 3.4.1) implementations of passwordencryptor class configured use.

the algorithm use configurable via security::$password_encryption_algorithm property, or via yaml config.

each user have different password encryption/hashing algorithm used - take look @ member database table under passwordencryption column.

how manually authenticate users using plain php

theoretically if wanted this, you'd need recreate of logic in framework's authenticator. start looking @ member::checkpassword - initiation of logic check password against member - you'll care about.

you'll find assuming implementations of silverstripe use default algorithm of blowfish encryption, , follow passwordencryptor::create_for_algorithm through passwordencryptor_blowfish::check. @ point you'll see literally end replicating amount of silverstripe framework's code able achieve want.

summary

  • what want achieve involve lot of duplication
  • it not work 100% of silverstripe implementations
  • it may work now, break @ point when algorithms change
  • ask client why, , convince them change mind (after all, you're expert, they're client)
  • use silverstripe api module (a couple listed below)

api modules

  • silverstripe/silverstripe-restfulserver - officially supported, , provides simple , easy way started providing api access silverstripe system. have basic control on http request methods, , can limit access , permissions each dataobject.
  • colymba/silverstripe-restfulapi - community module. arguably more flexible , powerful. more work set up/configure way want work.

Comments

Post a Comment

Popular posts from this blog

asynchronous - C# WinSCP .NET assembly: How to upload multiple files asynchronously -

i using winscp .net assembly uploading files. want upload multiple files asynchronous way. have created method works single upload. public class uploadingdata { private sessionoptions _sessionoptions; private session _session; //connection etc private void onconnected() { foreach (var fileinfo in localfileslist) { var task = task.factory.startnew(() => uploadfilesasync(fileinfo)); } } private async task uploadfilesasync(string file) { string remotefilepath = _session.translatelocalpathtoremote(file, @"/", "/test_data_upload"); var uploading = _session.putfiles(file, remotefilepath, false); //when done await task.run(() => thread.sleep(1000)); } } please suggest me correct way. thanks you can use backgroundworker class this: string[] images = new string[50]; foreach (var path in images) { backgroundworker
Read more

aws api gateway - SerializationException in posting new Records via Dynamodb Proxy Service in API -

i getting "__type": "com.amazon.coral.service#serializationexception" as reply in postman & in test console in api gateway trying post record directly dynamodb using api proxy services.. referring aws article - https://aws.amazon.com/blogs/compute/using-amazon-api-gateway-as-a-proxy-for-dynamodb/ here's mapping { "tablename": "tablenamegoeshere", "item": { "id" : "$context.requestid" "eventname" : "$input.path('$.eventname')", "timestamp" : $input.path('$.timestamp'), "answers": "$util.parsejson($input.path('$.answers'))" } } update: did asked ... , worked if try add array of json objects gives me above same error - here's trying now. please - couldnt find on google well #set($inputroot = $input.path('$')) { "tablename": "answer", "item": {
Read more

asp.net - Problems sending emails from forum -

i have been redesigning site has message board, has been written guy looked after site. it has few problems , written in .asp , uses .mdb files database. you can see whole thing here . feel free post if helps, test thing have set using original files , new database. the basic problem when posts message, supposed email sent them, have posted it. when replies, originator supposed message, replier has been posted. i’d have thought @ point in process there should script/file in postmessage.asp? the postmessage.asp page below. <% option explicit %> <!-- #include virtual="common/adovbs.inc" --> <html> <head> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> <meta name="generator" content="microsoft frontpage 4.0"> <meta name="progid" content="frontpage.editor.document"> <title>new page 2</title> <base target="_self"
Read more