Anonymous,

Please Login or Register
Download Nuke Evolution Xtreme today for a CMS you can enjoy using and sharing with your friends!
[ Download Now ]
Forum Index  ·  Search  ·  Usergroups  ·  Edit your profile  ·  Members  ·  Login, Check Messages
Arcade  ·  Ranks  ·  Staff  ·  Statistics  ·  Board Rules  ·  Forum FAQ  ·  Log in

Search for at
Evolution-Xtreme Advanced Search


+  
Latest Site News   Next 5 >>  
 Forum   Author   Replies   Last Post 
File Repository 1.0.0 Released Announcements! Lonestar 0 Tue Apr 26, 2016 6:44 am
Lonestar View latest post
Image Repository Released Announcements! Lonestar 1 Mon Oct 27, 2014 7:39 pm
Lonestar View latest post
So what happened to us? Announcements! SgtLegend 0 Tue May 06, 2014 12:32 am
SgtLegend View latest post
[PROGRESS] Nuke Evolution Xtreme 2.0.9e Announcements! SgtLegend 2 Sun May 27, 2012 6:25 pm
SgtLegend View latest post
European Cookie Law Announcements! SgtLegend 0 Sat May 26, 2012 7:33 am
SgtLegend View latest post
   
Recent Topics   Next 15 >>  
 Forum   Author   Replies   Last Post 
Evo staff looking for some volunteers. Community Announcements coRpSE 20 Thu Jul 02, 2015 9:19 am
Depresjon2 View latest post
Evo Xtreme 2.0.9D Updated for PHP 5.6 General Support coRpSE 121 Thu Mar 23, 2017 3:57 pm
casterdon View latest post
[ MOD ] - Honeypot V2.2 AntiBot Module Security coRpSE 106 Tue Nov 22, 2016 11:30 am
coRpSE View latest post
Possible new Admin area layout Comments and Suggestions Lonestar 18 Wed Sep 14, 2016 11:37 am
Blackou View latest post
jQuery update General Support Lonestar 2 Wed May 11, 2016 4:49 pm
Charles64 View latest post
Deutsche Sprachdatei - german language files German DT50R 7 Thu Jan 28, 2016 7:04 am
DT50R View latest post
[FIX] Correct Cookie Settings (Invalid Session Error) Quick fixes killigan 110 Fri Mar 20, 2015 1:06 pm
Macdaddy View latest post
login as admin strange error General Support Worfwarrior 8 Sun May 21, 2017 12:42 pm
Worfwarrior View latest post
Does Anyone Have a Media Player Mod? Modules goosse 0 Mon May 01, 2017 9:17 am
goosse View latest post
head and body help General Support hercountrybuck 8 Tue Apr 04, 2017 2:08 pm
Sp0rAdiC View latest post
babstats nuke evo PHP 5.6 Modules pd35 4 Mon Mar 27, 2017 5:45 pm
Ragonese View latest post
Looking for coRpSE? He is gone till May. General Chat coRpSE 4 Sun Mar 26, 2017 6:50 pm
coRpSE View latest post
Think I got hit with malware somehow General Support bobdude 10 Sun Mar 26, 2017 6:44 pm
coRpSE View latest post
error log Bugs Redcougarxr7 31 Tue Mar 21, 2017 8:46 pm
coRpSE View latest post
I seem to be locked out of my website Smile General Support storm 4 Sat Mar 11, 2017 12:29 pm
coRpSE View latest post

[POLL] Session or cookie based admin authentication

 
Post new topic    Reply to topic    printer-friendly view    Evolution-Xtreme Forum Index -> General Chat
View previous topic :: View next topic  

Session or cookie based authentication?
Session, logs you out when your browser is closed
80%
 80%  [ 4 ]
Cookies, far less secure but keeps you signed in until the cookie is removed from the browser manually
20%
 20%  [ 1 ]
Total Votes : 5

Author Message
SgtLegend
Site Admin
Site Admin
Lead Developer
Lead Developer
DFG Developer
DFG Developer



Gender: Gender:Male
Joined: Oct 11, 2008
Age: 26
Posts: 5169
Location: Australia
Reputation: 616.1
votes: 27
australia.png


Status: Offline
Web Control Panel: WHM
PostPosted: Sun Nov 30, 2014 2:20 am Post subject: No icon [POLL] Session or cookie based admin authentication Reply with quote

 Hi  guys  and  girls,
 
 I  know  development  has  been  well  lacking  but  I'm  trying  to  help  coRpSE  and  Lonestar  out  whenever  possible,  today  I  come  forth  with  a  question  regarding  the  security  of  the  admin  panel,  since  Nuke  was  built  it's  been  based  on  cookie  authentication  which  works  but  isn't  secure  unelss  you  have  an  SSL  certificate  and  I  don't  like  it  for  that  fact,  my  question  to  everyone  is  in  the  poll  so  if  you  could  let  me  know  what  you  think  and  if  you  have  any  questions  please  ask  them  but  at  this  point  I'm  leaning  heavily  towards  session  based  authentication  instead.
Back to top
View user's profile Send private message Visit poster's website
coRpSE
Xtreme Developer
Xtreme Developer
Site Admin
Site Admin
Support Team
Support Team



Gender: Gender:Male
Joined: Dec 24, 2008
Age: 36
Posts: 1354
Location: Back of your mind!!!
Reputation: 186.3
votes: 10
usa.png


Status: Offline
Web Control Panel: 11.42.0 (build 23)
PostPosted: Sun Nov 30, 2014 9:27 am Post subject: No icon Re: [POLL] Session or cookie based admin authentication Reply with quote

 I  guess  I  like  it  both  ways.  I  know  on  my  site,  I  don't  delete  my  cookies  and  I  stay  logged  in  since  this  is  a  private  comp  and  nobody  else  uses  it.  But  on  the  other  hand,  the  added  security  is  never  a  bad  thing  in  my  book,  just  less  convent.  Granted  I  still  need  to  log  into  Sentinel  every  day  I  go  into  the  admin  panel  on  my  site,  I  believe  that  is  also  cookie  based.  They  just  expire  after  a  certain  amount  of  time.  (I  believe,  never  looked  into  it.).
 
 So  what  it  comes  down  to,  I  am  game  either  way.  But  for  the  added  security,  I  guess  I  would  have  to  say  to  use  sessions  for  the  admin  side  of  the  site.
Back to top
View user's profile Send private message Visit poster's website
BaDaSS



Gender: Gender:Male
Joined: Jan 01, 2009
Age: 57
Posts: 175
Location: New Jersey
Reputation: 20.5
usa.png


Status: Offline
PostPosted: Sun Nov 30, 2014 9:27 am Post subject: No icon Re: [POLL] Session or cookie based admin authentication Reply with quote

 Just  wondering  SgtLegend,  is  there  no  other  type  of  option/security  but  those  two  ways?  I  know  about  SSL,  I'm  not  counting  that  in.
Back to top
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
Sponsor
webstorm.jpg
Shadz



Gender: Gender:Male
Joined: Aug 15, 2012
Age: 30
Posts: 296
Location: Nottingham
Reputation: 38
votes: 1
uk.png


Status: Offline
Web Control Panel: cPanel
PostPosted: Sun Nov 30, 2014 9:55 am Post subject: No icon Re: [POLL] Session or cookie based admin authentication Reply with quote

 So  my  question  to  this  is  if  we  move  to  the  secure  session's  for  logins  and  stuff  like  that  would  this  have  to  be  
 done  for  normal  members  who  access  our  site  as  well  so  each  time  they  visit  they  will  then  have  to  put  usernames  
 and  passwords  back  in  again?  or  will  this  just  be  for  the  admin  accounts  on  the  site?
 
 If  its  just  for  the  admin  accounts  then  I  am  good  with  the  added  security  as  the  more  security  the  better.
 
 I  think  if  this  will  affect  all  members  though  it  wont  really  work  because  people  will  moan  about  always  having  to  login
 on  each  visit.
Back to top
View user's profile Send private message Visit poster's website
SgtLegend
Site Admin
Site Admin
Lead Developer
Lead Developer
DFG Developer
DFG Developer



Gender: Gender:Male
Joined: Oct 11, 2008
Age: 26
Posts: 5169
Location: Australia
Reputation: 616.1
votes: 27
australia.png


Status: Offline
Web Control Panel: WHM
PostPosted: Sun Nov 30, 2014 5:01 pm Post subject: No icon Re: [POLL] Session or cookie based admin authentication Reply with quote

                                                   
Quote:                
Just  wondering  SgtLegend,  is  there  no  other  type  of  option/security  but  those  two  ways?  I  know  about  SSL,  I'm  not  counting  that  in.                

 Sessions  are  the  most  secure  method  with  using  SSL  encrypted  cookies,  sessions  can't  be  manipulated  like  cookies  can  thus  making  it  far  less  likely  that  someone  has  spoofed  themselves  as  an  admin  as  they  would  first  need  server  access.
 
 
                                                 
Quote:                
So  my  question  to  this  is  if  we  move  to  the  secure  session's  for  logins  and  stuff  like  that  would  this  have  to  be  done  for  normal  members  who  access  our  site  as  well  so  each  time  they  visit  they  will  then  have  to  put  usernames  and  passwords  back  in  again?  or  will  this  just  be  for  the  admin  accounts  on  the  site?                  

 User  account's  won't  be  affect  as  that  is  for  a  future  discussion  and  one  that  will  more  than  likely  result  in  the  Your  Account  module  been  scraped  and  replaced  with  a  fully  integrated  SSO  (single  sign  on)  feature  that  uses  permissions  to  authenticate  admins  with  user  account  and  far  less  redundancy  caused  by  the  module  itself.
 
 

 
 Keep  in  mind  my  decision  to  move  forward  with  sessions  is  likely  to  go  ahead  anyway  as  the  frameworks  I  used  outside  of  Nuke  rely  solely  on  sessions  which  makes  for  a  consistent  and  secure  experience,  in  the  future  I'll  also  been  looking  into  Authy  (not  free)  or  Google  2-step  but  they  require  some  extra  thought  about  process  and  security.
Back to top
View user's profile Send private message Visit poster's website
Malius



Gender: Gender:Male
Joined: Nov 28, 2009
Posts: 320
Location: North Dakota
Reputation: 44
votes: 1
usa.png


Status: Offline
PostPosted: Tue Dec 02, 2014 7:53 pm Post subject: No icon Re: [POLL] Session or cookie based admin authentication Reply with quote

 i  vote  security  over  convenience
Back to top
View user's profile Send private message Visit poster's website
Sponsor
phpstorm.jpg
Display posts from previous:
Post new topic  Reply to topic   printer-friendly view Evolution-Xtreme Forum Index ->  General Chat All times are UTC - 5 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum

Related topics
 Topics   Replies   Author   Views   Last Post 
No new posts error please help needed 12 buddy459rc 6252 Tue Mar 22, 2016 6:25 am
Lonestar View latest post
No new posts Donations Xtreme - time based, recurring events? 4 konfusion 2509 Tue Jan 03, 2012 11:55 am
konfusion View latest post
No new posts Seeting forums up permissioned based 7 ice5192 2803 Wed Nov 02, 2011 7:47 pm
ice5192 View latest post
No new posts Help with menu options based on group membership. 1 feeblemedic 1433 Thu Oct 13, 2011 1:07 pm
SnakZ View latest post
No new posts Ajax based Shoutbox? 1 Markvis14 1995 Wed Aug 17, 2011 7:04 am
killigan View latest post
 




Powered by phpBB © 2001, 2006 phpBB Group
EvoXtreme Theme by SgtLegend ©
Forums ©