Comments on: How to avoid Identity Theft in Zend Framework with Zend Auth http://phpdev.ro/how-to-avoid-identity-theft-in-zend-framework-with-zend-auth.html Bringing you the best of the webdevelopement ecosphere Tue, 31 Aug 2010 09:44:28 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Andrei Gabreanu http://phpdev.ro/how-to-avoid-identity-theft-in-zend-framework-with-zend-auth.html/comment-page-1#comment-296 Andrei Gabreanu Sun, 13 Jun 2010 00:41:58 +0000 http://phpdev.ro/?p=987#comment-296 Nice ideea with the Zend Session validator! I actually overlooked it! Thanks for the ideea.<br><br>Regarding the user agents, yes of course, you are right. This plugin was never intended to be of a large scale use (ex a public website ) rather than a portion of an app where you *know* who will access it and with what user agents etc . Prolly should have said that somewhere in the post :) Nice ideea with the Zend Session validator! I actually overlooked it! Thanks for the ideea.

Regarding the user agents, yes of course, you are right. This plugin was never intended to be of a large scale use (ex a public website ) rather than a portion of an app where you *know* who will access it and with what user agents etc . Prolly should have said that somewhere in the post :)

]]> By: Andrei Gabreanu http://phpdev.ro/how-to-avoid-identity-theft-in-zend-framework-with-zend-auth.html/comment-page-1#comment-297 Andrei Gabreanu Sun, 13 Jun 2010 00:40:07 +0000 http://phpdev.ro/?p=987#comment-297 Agree. It is more of a convenience way to check something like, lets say for example an admin page where you *know* who will access thus you don't mind the user agents changing. Agree. It is more of a convenience way to check something like, lets say for example an admin page where you *know* who will access thus you don't mind the user agents changing.

]]> By: Pieter http://phpdev.ro/how-to-avoid-identity-theft-in-zend-framework-with-zend-auth.html/comment-page-1#comment-294 Pieter Sun, 13 Jun 2010 00:38:15 +0000 http://phpdev.ro/?p=987#comment-294 Nice post. Just a small hint; you can actually do everything you're trying to do with Zend_Session already. Just add the necessary validators (in your case user_agent and ip validator) to Zend_Session using Zend_Session::registerValidator().<br>I must warn you though; validating on user_agent is probably not a smart thing to do as more and more browsers tend to change their user agent string during a session (e.g. IE8). Nice post. Just a small hint; you can actually do everything you're trying to do with Zend_Session already. Just add the necessary validators (in your case user_agent and ip validator) to Zend_Session using Zend_Session::registerValidator().
I must warn you though; validating on user_agent is probably not a smart thing to do as more and more browsers tend to change their user agent string during a session (e.g. IE8).

]]> By: Michiel Brandenburg http://phpdev.ro/how-to-avoid-identity-theft-in-zend-framework-with-zend-auth.html/comment-page-1#comment-280 Michiel Brandenburg Thu, 10 Jun 2010 03:33:23 +0000 http://phpdev.ro/?p=987#comment-280 Nice post, mind u turning on the useragent check will be more trouble than it's worth. Ajax calls from the same browser being used can report different useragents, on top of that the useragent can be configured by the user. Also take note that you might have to check for the presence of X-Forwarded-For headers (these can be faked) but it might indicate that the user is behind a proxy and the ip might not be trusted. Nice post, mind u turning on the useragent check will be more trouble than it's worth. Ajax calls from the same browser being used can report different useragents, on top of that the useragent can be configured by the user. Also take note that you might have to check for the presence of X-Forwarded-For headers (these can be faked) but it might indicate that the user is behind a proxy and the ip might not be trusted.

]]> By: Soviet http://phpdev.ro/how-to-avoid-identity-theft-in-zend-framework-with-zend-auth.html/comment-page-1#comment-266 Soviet Wed, 09 Jun 2010 07:41:22 +0000 http://phpdev.ro/?p=987#comment-266 <strong><a href="http://tehnoblaze.ru/ http://rel" rel="nofollow">Хм.....</a>...</strong> Ссылки как то непонятно отображаются... http://rel” rel=”nofollow”>Хм…..…

Ссылки как то непонятно отображаются…

]]> By: Teddy http://phpdev.ro/how-to-avoid-identity-theft-in-zend-framework-with-zend-auth.html/comment-page-1#comment-216 Teddy Mon, 05 Apr 2010 20:37:09 +0000 http://phpdev.ro/?p=987#comment-216 Wow thanks u'r responds so quick :D<br>Your article so helpful, I will try it later :) cos already night here... Wow thanks u'r responds so quick :D
Your article so helpful, I will try it later :) cos already night here…

]]> By: Andrei Gabreanu http://phpdev.ro/how-to-avoid-identity-theft-in-zend-framework-with-zend-auth.html/comment-page-1#comment-215 Andrei Gabreanu Mon, 05 Apr 2010 20:31:38 +0000 http://phpdev.ro/?p=987#comment-215 Yep! In the preDispatch() Yep! In the preDispatch()

]]> By: Teddy http://phpdev.ro/how-to-avoid-identity-theft-in-zend-framework-with-zend-auth.html/comment-page-1#comment-214 Teddy Mon, 05 Apr 2010 20:27:43 +0000 http://phpdev.ro/?p=987#comment-214 sorry I mean, Are function hasSecureIdentity() is located in this function preDispatch()? sorry I mean, Are function hasSecureIdentity() is located in this function preDispatch()?

]]> By: Andrei Gabreanu http://phpdev.ro/how-to-avoid-identity-theft-in-zend-framework-with-zend-auth.html/comment-page-1#comment-213 Andrei Gabreanu Mon, 05 Apr 2010 17:49:46 +0000 http://phpdev.ro/?p=987#comment-213 In the "Class Project_Application_Controller"<br><br>...<br>if ( FALSE === Project_Application_Auth::getInstance()->hasSecureIdentity()<br>... In the “Class Project_Application_Controller”


if ( FALSE === Project_Application_Auth::getInstance()->hasSecureIdentity()

]]> By: Teddy http://phpdev.ro/how-to-avoid-identity-theft-in-zend-framework-with-zend-auth.html/comment-page-1#comment-212 Teddy Mon, 05 Apr 2010 15:37:27 +0000 http://phpdev.ro/?p=987#comment-212 when function hasSecureIdentity() has been execute? when function hasSecureIdentity() has been execute?

]]>