I would be very interested in your opinions on the ModelSecurity
plugin by Bruce P…
Some time ago, I read on a few pages that it is the way to go; on this
list, however, I didn’t read much about it. Apart from its security,
quoted from comments in source code:
FIX: At the moment we only support Basic authentication. It’s
prone to sniffing. Change to Digest authentication.
I am at the moment struggling with the fact that it stores the
complete User object in the session data. While this is generally not a
good idea, it’s a real problem for me, as I have to deactivate and
reactivate user accounts in my app. I don’t think session expiry
handling will be enough here … I tried changing the code so that it
only stores the user_id and user_name in the session, however I didn’t
get this to work so far …
Any tips? Better authentication libs?
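
The session concern raised in the post, as an added example that is not part of the original message and is not ModelSecurity or Rails code: plain Ruby with a constructed `User` struct and a hash standing in for the users table. It compares a full object kept in the session with an id-only session that is re-checked on each request; all names are hypothetical.

```ruby
# Constructed stand-in for a user record; not the plugin's model class.
User = Struct.new(:id, :name, :active)

# Pattern described in the post: a copy of the whole User goes into the session.
def login_storing_object(session, user)
  session[:user] = user.dup   # snapshot, like a serialized session entry
end

def current_user_from_object(session)
  session[:user]              # never consults the account table again
end

# Alternative: keep only the identifier and re-read the record on every request.
def login_storing_id(session, user)
  session[:user_id] = user.id
end

def current_user_from_id(session, accounts)
  user = accounts[session[:user_id]]
  if user.nil? || !user.active
    session.delete(:user_id)  # drop the stale login so later requests fail too
    return nil
  end
  user
end

# Returns [snapshot still accepted?, id lookup still accepted?] after the
# account is deactivated while both sessions are live.
def deactivation_demo
  accounts = { 1 => User.new(1, "alice", true) }  # constructed sample data
  object_session = {}
  id_session = {}
  login_storing_object(object_session, accounts[1])
  login_storing_id(id_session, accounts[1])

  accounts[1].active = false  # administrator deactivates the account

  stale = current_user_from_object(object_session)
  fresh = current_user_from_id(id_session, accounts)
  [!stale.nil? && stale.active, !fresh.nil?]
end
```

The snapshot session keeps treating the account as active until the session itself expires, while the id-only session is refused on the first request after deactivation.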