OWASP / phpsec

OWASP PHP Security Project - THIS PROJECT IS INACTIVE AND MAY CONTAIN SECURITY FLAWS

need for isUserIdValid() in session library #74

Closed mebjas closed 10 years ago

mebjas commented 10 years ago

Paulo Guerreiro recently added functions to check validity of userID in auth library (user.php) https://github.com/paulocmguerreiro/phpsec/commit/5c77aa91a96809fb3d60a3d208da95a4bc865d5e

We need to extend this capability to the session library as well, as it uses userId for all important tasks.

paulocmguerreiro commented 10 years ago

Since this is a static function it can be called directly; otherwise, this function needs to come out to a general class, I think!!?

mebjas commented 10 years ago

But libraries need to be stand-alone, so we shall not use it from the auth library.

rash805115 commented 10 years ago

You don't need to check userID in the session library or any other library because the IDs would come from the developer end. You don't have control over those.

abiusx commented 10 years ago

Session and Auth are usually coupled, it's hard to make them stand-alone.


Notice: This message is digitally signed, its source and integrity are verifiable. If your mail client does not support S/MIME verification, it will display a file (smime.p7s), which includes the X.509 certificate and the signature body. Read more at Certified E-Mail with Comodo and Thunderbird in AbiusX.com

On Oct 25, 2013, at 9:26 AM, Rahul Chaudhary notifications@github.com wrote:

Closed #74.


rash805115 commented 10 years ago

Only the user library needs userID... the rest of the libraries will work when they are given a userID. Auth is in the user library... so it comes free with the user library.

Session is another library. It is stand alone.

All other libraries except "userManagement" are stand alone.
