How to apply Zend ACL with neo4j database - php

I have developed a project using Zend and a neo4j db. Until now I haven't used sessions; now I have a requirement to apply authorization to various types of users. I don't know whether Zend Acl can be directly implemented with neo4j. If anyone has used ACL with neo4j and can provide some examples, I would be very grateful to that person. While searching I came across this link:
Graph Acl
Is it helpful?

There are no built-in ZendAcl Neo4j backed plugins. Note that ZendAcl does not have any built-in persistence features at the core.
You'll need to write an ACL plugin that will then create the necessary Cypher queries.
An example with Doctrine: https://monzee.wordpress.com/2009/06/14/developing-a-doctrine-backed-acl-helper-tdd-style-part-1/
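
One way to structure such a plugin, as an added example (not code from the answer or from Zend Framework): Cypher queries return roles, resources and grants as rows, and a builder loads them into a `Zend\Permissions\Acl\Acl`. The graph schema (`:Role`, `:Resource`, `INHERITS`, `CAN`), the `$runCypher` callable standing in for whatever Neo4j client the project uses, and the sample rows are assumptions.

```php
<?php
// Added example: load a Zend ACL from Cypher result rows. Assumed schema:
// (:Role {name})-[:INHERITS]->(:Role), (:Role)-[:CAN {privilege}]->(:Resource {name}).
use Zend\Permissions\Acl\Acl;
require 'vendor/autoload.php'; // assumes zendframework/zend-permissions-acl via Composer
const Q_ROLES = 'MATCH (r:Role) OPTIONAL MATCH (r)-[:INHERITS]->(p:Role)
                 RETURN r.name AS role, collect(p.name) AS parents';
const Q_RESOURCES = 'MATCH (x:Resource) RETURN x.name AS resource';
const Q_GRANTS = 'MATCH (r:Role)-[c:CAN]->(x:Resource)
                  RETURN r.name AS role, x.name AS resource, c.privilege AS privilege';
// $runCypher is a hypothetical adapter: query string in, array of row arrays out.
function buildAcl(callable $runCypher): Acl
{
    $acl = new Acl(); // denies everything until a rule allows it
    $pending = [];
    foreach ($runCypher(Q_ROLES) as $row) {
        $pending[$row['role']] = $row['parents'];
    }
    while ($pending) { // a role can only be added after all of its parents
        $before = count($pending);
        foreach ($pending as $role => $parents) {
            if (!array_filter($parents, function ($p) use ($acl) { return !$acl->hasRole($p); })) {
                $acl->addRole($role, $parents);
                unset($pending[$role]);
            }
        }
        if (count($pending) === $before) {
            throw new RuntimeException('Inheritance cycle or unknown parent role in graph');
        }
    }
    foreach ($runCypher(Q_RESOURCES) as $row) {
        $acl->addResource($row['resource']);
    }
    foreach ($runCypher(Q_GRANTS) as $row) {
        $acl->allow($row['role'], $row['resource'], $row['privilege']);
    }
    return $acl;
}

// Constructed sample rows standing in for a live Neo4j result set.
$rows = [
    Q_ROLES => [['role' => 'editor', 'parents' => ['guest']], ['role' => 'guest', 'parents' => []]],
    Q_RESOURCES => [['resource' => 'article']],
    Q_GRANTS => [['role' => 'guest', 'resource' => 'article', 'privilege' => 'read'],
                 ['role' => 'editor', 'resource' => 'article', 'privilege' => 'edit']],
];
$acl = buildAcl(function ($query) use ($rows) { return $rows[$query]; });
var_dump($acl->isAllowed('editor', 'article', 'read')); // editor inherits guest's grant
var_dump($acl->isAllowed('guest', 'article', 'edit'));  // guest has no edit grant
```

Because the ACL starts empty and only `allow` rules are loaded, a grant missing from the graph results in a denial rather than in access.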

Related

Ready made PHP modules

Are there any frameworks / modules that I can use when building web apps from scratch (PHP, SQL)?
I am sure that coders don't write login, signup, etc. features (of typical web 2.0 apps) from scratch; they have modules that they refer to / reuse.
Is there a possibility to gain access to those modules to use?
Thanks
I'm not exaggerating, but there might be a thousand PHP frameworks. All you have to do is google "PHP Frameworks".
Some well-known ones are:
Laravel
CakePHP
CodeIgniter
Yii
Symfony
Zend
... and the list goes on and on
You can use Laravel. If you have a basic grasp of PHP and MVC frameworks, you will be able to control Laravel very well. When you create a module it gives you CRUD methods by default; you just have to get an idea of its naming convention and use. Please visit https://scotch.io/tutorials/simple-laravel-crud-with-resource-controllers

framework best for migrating an existing donation website to a php framework?

Which framework would be best to migrate an existing donation processing PHP website to a PHP framework?
Please provide some justification for your answer.
Three frameworks are in my mind : CakePHP, CodeIgniter, Yii
CakePHP and Yii have PDO implemented.
I'll use Yii; I love the way it implements things.
Generate migrations using the command line, CRUD using the web interface (so easy).
You can add foreign keys in your migration. Its support for databases is larger than CakePHP's.
The model methods and PDO are so easy to work with, and it has a lot of examples.
CakePHP is sweet too, but Yii has more things and is more advanced.
The default scaffold in Yii is better, with advanced search implemented and jQuery on the fly.

What authentication libraries for PHP are not attached to a framework and meet these requirements?

Whenever I Google things like "php authentication library" I continue to come up with a ton of results of authentication libraries designed for Code Igniter.
What I am looking for is things like the following:
A robust library that handles login, logout, registration, login retrieval etc...
Very secure authentication possibly using sha-256+?
Library that can be integrated into any code, framework or not
Active project and community so that I can rely on it in the future.
Compatible with MySQL
Maybe some things I do not know about?
I am hoping my answer fits your needs; it's in two parts:
1- Zend Acl + Zend + Auth:
very robust code and 100% unit tested
it could support any encryption method, or you can create your own method
it can support any backend you like [mysql, mssql, or even a session based auth]
custom ACL to fit your application needs
you may choose the php5.2 version = ZF 1.11 or the php5.3 = ZF2 beta released last week
in ZF2 beta you could use pyrus to package the required classes only, not the whole library http://zend-framework-community.634137.n4.nabble.com/Packaging-and-distribution-of-ZF2-td3597632.html
it's a very active project
2- Symfony2 security component:
in sf2 you combine the [ACL, AUTH] in a very powerful library called security
Symfony2 has support for bundles, and the FOS UserBundle is the ideal match for my usage
you can use it in your own project as is
Symfony's security component is available as a standalone PHP library for use inside any PHP project. http://symfony.com/doc/2.0/book/security.html
it supports many backend solutions, which they call providers; you may even create your own custom provider
you can even create many protected areas, in case you need them, via firewalls; they are basically like DMZs
it supports any encryption method you might need, or you can create your own
it's a very active project too
probably you can try this link: php user authentication libraries / frameworks ... what are the options?
zend_auth & codeigniter
it seems that the zend framework has good tools but it is overkill to do authentication only
ulogin, http://ulogin.sourceforge.net/
using social media login might also be another way

Basic authentication and session management library for PHP?

I know questions like this have been asked numerous times, but not quite this one. Forgive me if I overlooked an obvious duplicate.
In the core of many of my web applications is a self-written user/session management class that in its origins dates back to 2002.
I have decided that it is time for a fundamental re-write or, preferably, the introduction of a ready-made standard library.
My requirements for that library would be:
Object oriented, clean, excellent code
Full session management: Wrapper to session_start() and consorts
Would ideally provide various storage methods (PHP Standard /tmp, database based)
Would ideally be able to connect to different types of user data storage, but mySQL will do fine
Would ideally provide convenient functions for supporting OpenID, but that's a fancy thought, no requirement right now
Methods: Verify session, get user data, get session data, log in user, log out user
Settings: Session lifetime, password encryption
Must be Open Source
And if it's very generic, a user management API or a generic connector to the user management of the surrounding application would be nice:
Create/Update/delete user records
Fetch and modify data of currently logged in user
This is so basic, and so security relevant, that I would expect that there is a standard solution to this; however, I don't know of any, and all the big CMSs and blogs seem to be rolling their own.
My two questions:
Do you know such a component as a generic, stand-alone library?
Could somebody with deep knowledge in Zend Framework tell me whether it is possible to use Zend_auth and/or Zend_session standalone, at the core of a big application that has otherwise nothing to do with ZF, without running into trouble?
May I suggest the authentication library that I have written? It is a generic library (not written for or part of a framework): http://ulogin.sourceforge.net
Could somebody with deep knowledge in Zend Framework tell me whether it is possible to use Zend_auth and/or Zend_session standalone, at the core of a big application that has otherwise nothing to do with ZF, without running into trouble?
I don't have deep knowledge of the Zend Framework, but I have used various components (e.g. Zend_Search) without creating a Zend_Application object or using the MVC framework and I am sure the rest of the library is also designed to be totally modular. Last time I dug through the Zend_Session code, I didn't find any includes outside Zend/Session/. A quick google seemed to confirm this for Zend_Auth, along with the Zend FAQ which states:
Is ZF a component library or a framework?
Simple answer: both. Zend Framework provides all the components required for most web applications in a single distribution. But Zend Framework components are also loosely coupled, making it easy to use just a few components in a web application- even alongside other frameworks! Using this use-at-will architecture, we are implementing features commonly found in more monolithic frameworks. In fact, we are currently working on a tooling component for the 1.8 release that will make it simpler to build applications using ZF components, yet will not sacrifice the use-at-will nature of existing ZF components. It's a testament to the use-at-will architecture of Zend Framework that the tooling component itself can be used standalone.
The only thing I had to do when not using Zend_Search with the MVC framework was add the directory where you installed the Zend Framework to the include path due to the includes in the Zend library. The documentation doesn't document the includes you need when not using the Zend Autoloader, but as everything uses the PEAR class naming scheme, it is easy to deduce from the class names you are using. (so the class Foo_Bar_File would require you to include Foo/Bar/File.php )
There are several OpenID libraries available.
http://wiki.openid.net/Libraries#php
For the rest you might as well roll your own, since figuring out someone else's library would probably be more trouble than it's worth.
My understanding is that there is no standard library because there is no standard definition of what a user is.
In some of my applications, users simply log in to do stuff. In others, users are part of a company and their permissions and data access are limited by the limits of that company and the subscription level paid for by the company. In other applications, some users are admins with access to everything, some users are admins with access to some data (row level), and other users are the clients of those admins, with access only to their own data. Some users are tied to firms/companies/customers, other users are not. Some users are just a username and password, others are a large object graph with clients, order histories, report preferences, comments, etc.
Maybe I'm wrong and there's some clean way of abstracting all of those requirements into a system that doesn't require five layers of subclassing and a thousand DB hits to log someone in. I haven't found it though.

Role Based Access Control

Is there any open-source, PHP based, role-based access control system that can be used for CodeIgniter?
Maybe I'm misunderstanding the question, but isn't the whole point of Role-Based Access Control (RBAC) to avoid Access Control Lists (ACLs)?
RBAC differs from access control lists (ACLs) (...) in that it assigns permissions to specific operations with meaning in the organization, rather than to low-level data objects. For example, an access control list could be used to grant or deny write access to a particular system file, but it would not say in what ways that file could be changed. In an RBAC-based system, an operation might be to create a 'credit account' transaction in a financial application (...). The assignment of permission to perform a particular operation is meaningful because the operations are fine-grained and themselves have meaning within the application.
(Quote: Wikipedia)
I don't know the specifics on Zend_ACL or the other implementations mentioned, but if they are ACL-based, I would not recommend using them for role-based authorization.
Brandon Savage gave a presentation on his PHP package "ApplicationACL" that may or may not accomplish role-based access. PHPGACL might work as well, but I can't tell you for sure.
What I can tell you, however, is the Zend_ACL component of the Zend Framework will do role-based setups (however you'll have to subclass to check multiple roles at once). Granted the pain of this is you'll have to pull out Zend_ACL, I do not believe it has any external dependencies, from the monolithic download (or SVN checkout).
The nice thing about Zend_ACL, though, is that it's storage agnostic. You can either rebuild it every time or it's designed to be serialized (I use a combination of both, serialize for the cache and rebuild from the DB).
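
The two techniques mentioned in this answer, as an added example that is not part of the original post: a subclass that checks several roles at once, and a loader that serializes the ACL for the cache and rebuilds it on a miss. It uses the ZF2 package `zendframework/zend-permissions-acl`, which has the same `hasRole`/`isAllowed` methods as `Zend_Acl`; `MultiRoleAcl`, `isAllowedAny`, `loadAcl`, the `$rebuild` callable and the sample roles are hypothetical names.

```php
<?php
// Added example: ACL subclass that checks several roles at once, plus a
// serialize-for-cache / rebuild-from-DB loader.
use Zend\Permissions\Acl\Acl;
use Zend\Permissions\Acl\Resource\GenericResource;
use Zend\Permissions\Acl\Role\GenericRole;
use Zend\Permissions\Acl\Role\Registry;
require 'vendor/autoload.php'; // assumes Composer autoloading
class MultiRoleAcl extends Acl
{
    // True if any one of the user's roles is allowed; unknown roles and an empty list are denied.
    public function isAllowedAny(array $roles, $resource = null, $privilege = null): bool
    {
        foreach ($roles as $role) {
            if ($this->hasRole($role) && $this->isAllowed($role, $resource, $privilege)) {
                return true;
            }
        }
        return false;
    }
}

// $rebuild is a hypothetical callable that builds the ACL from the database.
function loadAcl(string $cacheFile, callable $rebuild): MultiRoleAcl
{
    if (is_readable($cacheFile)) {
        // Limit unserialize() to ACL classes; only the application may write this file.
        $acl = unserialize(file_get_contents($cacheFile), ['allowed_classes' => [
            MultiRoleAcl::class, Registry::class, GenericRole::class, GenericResource::class,
        ]]);
        if ($acl instanceof MultiRoleAcl) {
            return $acl;
        }
    }
    $acl = $rebuild();
    file_put_contents($cacheFile, serialize($acl), LOCK_EX);
    return $acl;
}

// Constructed sample: a user holding two roles, one of which grants the privilege.
$cache = sys_get_temp_dir() . '/acl-example.cache';
$acl = loadAcl($cache, function () {
    $acl = new MultiRoleAcl();
    $acl->addRole('member')->addRole('billing')->addResource('invoice');
    $acl->allow('billing', 'invoice', 'view');
    return $acl;
});
var_dump($acl->isAllowedAny(['member', 'billing'], 'invoice', 'view')); // billing grants view
var_dump($acl->isAllowedAny(['member', 'ghost'], 'invoice', 'view'));   // ghost is not a registered role
```

The cached copy has to be deleted whenever roles or grants change in the database, otherwise revoked permissions stay in effect until the cache is rebuilt.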
I created an Open Source project called PHP-Bouncer which may be of interest to you. It's still fairly young, but works well and is easy to configure. I ended up developing it because none of the existing solutions seemed to meet my needs. I hope this helps!
phpgacl http://phpgacl.sourceforge.net/ is a generic acl based access control framework
While I don't know of any CI-specific implementation, I know that you only need the main class file to make phpgacl work. So I believe that integration with CI won't be any problem. (I've worked passingly with CI.)
Here are two RBAC libraries for PHP I found:
https://github.com/leighmacdonald/php_rbac
https://github.com/brandonlamb/php-rbac
I actually used the first one in PolyAuth: https://github.com/Polycademy/PolyAuth/
It's a full-featured auth library that includes NIST level 1 RBAC. And yes, RBAC is not the same as an ACL. I use CodeIgniter as well; all you have to do is use the PDO driver and pass in the connection id. See this tutorial for how to do that: http://codebyjeff.com/blog/2013/03/codeigniter-with-pdo
Found out about Khaos ACL, which is a CI library... I'm also checking out phpgacl and how to use it for CI... Haven't checked Zend ACL yet. But maybe it can be "ported" to CI
Try the DX_Auth plugin for CodeIgniter. I am working on a similar set (rather, a superset) of the functions that DX_Auth has. My set of CI add-ons includes display of menus (that can be controlled via CSS), role-based access control before the controller is invoked, and other features. I hope to publish it soon. Will give the project URL when I do so
RBAC != ACL - Roland has the only correct answer for this question.
BTW of course it is an essential part of a framework to implement any kind of permission system - at least there is no point in using a framework if it does not give you a well engineered RBAC system - it might be better to use a simple template system with any ORM layer then.
It is a common antipattern in the PHP world that frameworks like Ruby or Django are "cloned" only as a subset of what these modern frameworks deliver - as a typical syndrome you see a lack of good ACL or RBAC integration into these frameworks - which essentially is a joke.
There is currently only the Yii PHP Framework that comes with a decent RBAC implementation.
I know the trail is cold, but a new project has popped up:
PHP-RBAC is a PHP Hierarchical NIST Level 2 Standard Role Based Access Control and is pretty mature. It is also an OWASP project.
I hope you enjoy it at http://phprbac.net
http://www.jframework.info (dead link)
jFramework has a standard NIST level 2 RBAC with enhancements which is said to be the fastest available (includes benchmarks). It can operate on a single SQLite database file and is tested thoroughly; works like a glove.
It has a dependency on jFramework DBAL, but you can simply replace the DBAL SQL queries in the code with your desired DBAL, and of course you can use jFramework in a SOP manner.
Ion Auth Library uses users and groups - https://github.com/benedmunds/CodeIgniter-Ion-Auth
but there is no working RBAC system to use and manage them. But you can write your functions.
