What solutions do you consider the best for implementing user authentication on a website or application?

P

Prazeodim2014-10-02 11:17:17

ruby

Prazeodim, 2014-10-02 11:17:17

Good afternoon!
What solutions do you use to implement this functionality?
What is your opinion of those you have encountered?
How do you compare them to yourself?
Perhaps you will advise excellent, in your opinion, materials on this topic?
What criteria do I see right off the bat, according to which it would be possible to classify: speed of work, reliability, degree of protection of user data, ease of implementation and understanding. The language is therefore not important, since only your opinion is interesting: why do you use this and that, what do you think about it?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

Sergey, 2014-10-02
@Prazeodim

Well, it all depends on the goals. If you have a rest api service, then you can not bother and implement simple authorization by token (something of your own, WSSE, JWT - to your taste). Naturally flavoring it all with SSL.
If you need to be able to authorize users for several resources and share the account database between them (as it is implemented on Habré, toaster, etc.), then the oauth server must be raised.
Well, or the usual authorization on sessions / cookies. Here you need to google in the direction of protection against session spoofing, etc. + again ssl.

X

xmoonlight, 2014-10-02
@xmoonlight

A long time ago the mail server was invented....
.............. (long story....)
MD5-CRAM ( en.wikipedia.org/wiki/CRAM-MD5)
Replace MD5 to something more substantial. For example, HMAC
Timers - to taste)