Sayed Ahmed Computer Engineering, BUET, Bangladesh MSc., Computer Science, Canada


1
Sayed Ahmed
Computer Engineering, BUET, Bangladesh
MSc., Computer Science, Canada
http://sayed.justetc.net

2
- One security setting can be found at app/config/app.php
- 'key' is the encryption key: 256-bit AES (http://en.wikipedia.org/wiki/Advanced_Encryption_Standard)
- A key should be set, otherwise the encryption will not be strong
- The key is 32 characters long

3
- Some authentication settings can be found at app/config/auth.php

    <?php

    return array(
        'driver' => 'eloquent',
        'model' => 'User',
        'table' => 'users',
        'reminder' => array(
            'email' => 'emails.auth.reminder',
            'table' => 'password_reminders',
            'expire' => 60,
        ),
    );

4
- 'driver': eloquent or database
- 'model': model used for authentication
- 'table': database table associated with this model
- 'reminder': configuration for password reminder sending

5
- If you do not use Eloquent
  - Use the database authentication driver
  - Use the QueryBuilder
- If you use the Eloquent ORM
  - Use the eloquent authentication driver
  - app/models has a model User
  - The password field is a minimum of 60 characters
  - You will use ORM-based data manipulation (retrieve, update)

6
- Just lightly check; for the most part, you will know what they mean
- The Laravel Hash class provides secure Bcrypt hashing:
  - Hash::make('secret');
  - Hash::check('secret', $hashedPassword)
  - Hash::needsRehash($hashed)
- Auth
  - Auth::attempt()
  - Auth::check()
  - Auth::viaRemember()
  - Auth::user()
  - Auth::loginUsingId(1)
  - Auth::validate($credentials)
  - Auth::once($credentials)

7
- Auth
  - Auth::login($user)
  - Auth::logout()
- Crypt
  - Crypt::setMode('ctr')
  - Crypt::setCipher($cipher)
  - Crypt::decrypt($encryptedValue)
  - Crypt::encrypt('secret')
- Password
  - Password::validator()

8
- Create a hash for the user-provided password

    $password = Hash::make('secret');

- Hash the password and check it against the hash of the existing password

    if (Hash::check('secret', $hashedPassword)) {
        // The passwords match...
    }

9

    if ( ! Auth::check()) {
        // The user is not logged in...
        if (Auth::attempt(array(
            // 'db_field_for_username' is a placeholder for the column you authenticate by
            'db_field_for_username' => $user_provided_username,
            // the password entry must use the key 'password': the driver reads it from there
            'password' => $password_in_the_login_form,
        ))) {
            // Send the user to the page they originally asked for, or to 'dashboard'
            return Redirect::intended('dashboard');
        }
    }

- Note: Auth::attempt() fires the auth.login event on success

10
- Condition: id and password have to match, and the user also has to be active

    if (Auth::attempt(array('email' => $email, 'password' => $password, 'active' => 1))) {
        // The user is active, not suspended, and exists.
    }

- Note: For added protection against session fixation, the user's session ID will automatically be regenerated after authenticating.

11
- Remember the user's login status

    if (Auth::attempt(array('email' => $email, 'password' => $password), true)) {
        // The user is being remembered...
    }

- Authentication at a later time if remembered

    if (Auth::viaRemember()) {
        //
    }

12
- Access the logged-in user

    $email = Auth::user()->email;

- Check user credentials without actually logging the user in

    if (Auth::validate($credentials)) {
        //
    }

- Logout

    Auth::logout();
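A login/logout controller that ties slides 8 to 12 together. This is an added example, not code from the slides; it assumes a Laravel 4 application whose users table has email, password and active columns, and the controller, route and view names are hypothetical.

```php
<?php
// Added example (not from the slides): a Laravel 4 controller combining
// Auth::attempt() with the 'active' flag, remember-me, Hash::needsRehash()
// and Auth::logout(). Assumes a users table with email, password, active.
class SessionController extends BaseController {

    // POST /login (route name assumed)
    public function postLogin()
    {
        $credentials = array(
            'email'    => Input::get('email'),
            'password' => Input::get('password'), // key must be 'password'
            'active'   => 1,                      // suspended accounts cannot log in
        );
        $remember = (bool) Input::get('remember', false);

        // On success Auth::attempt() regenerates the session ID (session fixation protection)
        if ( ! Auth::attempt($credentials, $remember)) {
            // Do not flash the submitted password back into the session
            return Redirect::back()
                ->withInput(Input::except('password'))
                ->with('error', 'Invalid credentials or account not active.');
        }

        // Transparently upgrade hashes created with an older/lower bcrypt cost
        $user = Auth::user();
        if (Hash::needsRehash($user->password)) {
            $user->password = Hash::make(Input::get('password'));
            $user->save();
        }

        // Return to the page the user originally requested, else 'dashboard'
        return Redirect::intended('dashboard');
    }

    // GET /logout (route name assumed)
    public function getLogout()
    {
        Auth::logout();
        return Redirect::to('login');
    }
}
```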

13
- You can use the Laravel built-in strategy
  - There will be a password reminder form to initiate the request
  - A password reset link will be sent by email
  - Then there will be a password reset form
- You can use artisan commands to create the table and the controller
  - The controller will have all the methods
  - You just need to write the reminder form and the reset form
  - Yes, in view files: you need to create the views as well
- Must, if you want to use this strategy: make sure the User model implements Illuminate\Auth\Reminders\RemindableInterface
- To create the related stuff (DB table, controller):

    php artisan auth:reminders
    php artisan migrate
    php artisan auth:reminders-controller

14
- The controller will have all the methods
- You just need to create the view file and the form in it
- password.remind (the reminder form posts to the controller's postRemind action)

    <form action="{{ action('RemindersController@postRemind') }}" method="POST">

15

    <form action="{{ action('RemindersController@postReset') }}" method="POST">

16
- http://laravel.com/docs/security#configuration
