I am trying to sort out all the stuff myself. I haven't figured out what the best methods of authentication are. I have seen a lot of articles that insist sessions are the answer. From what I know right now I am inclined to favor cookies over sessions (to reduce the load on the server), myself, but that could change in a heartbeat as my knowledge increases. I have not had a chance to dig into .htaccess, SSL, or other types of server security.
Every time I read an article on PHP or MySQL exploits I have to go through all my code again, lol.
Here are a couple of bookmarks I happen to have handy, but the main reason I am commenting here is to make sure this shows up on my subscribed threads so I am sure not to miss any pertinent comments or links.
http://www.zend.com/zend/tut/authentication.php
http://www.securereality.com.au/archives.html
http://www.phpadvisory.com/articles/view.phtml?ID=5
http://www.devshed.com/Server_Side/PHP/UserAuth/page1.html