2017 © Pedro Peláez
 

library skyline-security

Skyline Security takes responsability to make your application secure and authenticte clients. It also provides an authorisation mechanism.

image

tasoft/skyline-security

Skyline Security takes responsability to make your application secure and authenticte clients. It also provides an authorisation mechanism.

  • Saturday, May 12, 2018
  • by tasoft
  • Repository
  • 0 Watchers
  • 0 Stars
  • 26 Installations
  • PHP
  • 0 Dependents
  • 0 Suggesters
  • 0 Forks
  • 0 Open issues
  • 2 Versions
  • 63 % Grown

The README.md

Skyline Security

The Skyline Security Package provides several services to increase your application's security., (*1)

Skyline Security adds the security service to use in your action controllers., (*2)

Install

Manual created applications do not install the security package automatically.
You can easy add them using composer:, (*3)

$ composer require skyline/security

How it works

The Skyline Security package has two functions: 1. Manage access control to your application 1. Protect html forms against cross site request forgery, (*4)

Manage Access

Skyline Security uses three phases for access control, (*5)

Phase 1: Identification

Who is requesting?
There are several possibilities to detect the identity of a requesting client: - Anonymous: You don't know who it is, but the identity is always the same - Remember Me: An identity created from remember me information - Session: An identity for the current session - HTTP: Basic and Digest identities specified by HTTP/1.0 - HTML Form Login - API Keys, (*6)

All identities must specify a token (usually a username, but can be anything). This identifies a client.
Identities also specify a reliability., (*7)

Phase 2: Authentication

Does Skyline CMS know someone with this token (username)?
For this Skyline Security needs user providers that know registered users by token.
If Skyline knows a user with a given identity, it tries to authenticate the identity using its credentials.
Now the credentials are wrong, the authentication phase will break and send an authentication challenge to the client.
But if the credentials matched, phase 3 takes place, (*8)

Phase 3: Authorization

Is the user allowed to perform the desired action?
Skyline Security knows voters to decide, if the request is granted or denied.
The package ships with a role system.
You as administrator can assign as many roles as you want to users.
After that, every action in an action controller can require roles. So now Skyline Security only grant access to the desired action if the user has all required roles., (*9)

Cross Site Request Forgery

$csrfManager = ServiceManager::generalServiceManager()->CSRFManager;

Special Thanks To

  • Symfony ( Copyright (c) 2004-2019 Fabien Potencier )

The Versions

12/05 2018

dev-master

9999999-dev

Skyline Security takes responsability to make your application secure and authenticte clients. It also provides an authorisation mechanism.

  Sources   Download

MIT

The Requires

 

by Th. Abplanalp

11/05 2018

1.0.1

1.0.1.0

Skyline Security takes responsability to make your application secure and authenticte clients. It also provides an authorisation mechanism.

  Sources   Download

MIT

The Requires

 

by Th. Abplanalp