deon/lnkohana
Archived
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2024-04-08. You can view files and clone it, but cannot push or open issues or pull requests.
68c7f4f159
lnkohana/modules/auth
History
Deon George 68c7f4f159 Kohana v3.3.5
2016-05-01 20:50:24 +10:00
..
classes Kohana v3.3.0 2013-04-22 14:09:50 +10:00
config Kohana v3.3.0 2013-04-22 14:09:50 +10:00
guide/auth Kohana v3.3.0 2013-04-22 14:09:50 +10:00
.travis.yml Kohana v3.3.5 2016-05-01 20:50:24 +10:00
composer.json Kohana v3.3.5 2016-05-01 20:50:24 +10:00
koharness.php Kohana v3.3.5 2016-05-01 20:50:24 +10:00
README.md Kohana v3.3.5 2016-05-01 20:50:24 +10:00

README.md

Kohana auth module

ver Stable Develop
3.3.x Build Status - 3.3/master Build Status - 3.3/develop
3.4.x Build Status - 3.4/master Build Status - 3.4/develop

I've forked the main Auth module because there were some fundamental flaws with it:

  1. It's trivial to bruteforce publicly hidden salt hashes.
    • I've fixed this by switching the password hashing algorithm to the more secure secret-key based hash_hmac method.
  2. ORM drivers were included.
    • I've fixed this by simply removing them. They cause confusion with new users because they think that Auth requires ORM. The only driver currently provided by default is the file driver.
  3. Auth::get_user()'s api is inconsistent because it returns different data types.
    • I've fixed this by returning an empty user model by default. You can override what gets returned (if you've changed your user model class name for instance) by overloading the get_user() method in your application.

These changes should be merged into the mainline branch eventually, but they completely break the API, so likely won't be done until 3.1.