Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
Currently working on a pretty basic hosted PHP app which I’m in the process of migrating to Zend on AWS. I have no real background in security, which is why I’m delegating the ‘sysadmin’ side of things to Amazon/Zend. Is it reasonable to assume that I can rely on Zend’s authentication and authorization for my web app which will be deployed in a commercial context? I don’t want to put something out there which will be vulnerable to a login attack.
The answer to your question in the title would be a simple yes because they offer options to make your web app secure. But, when I read the text I am worried about your expectations because the secure options are just that, options. You cannot delegate ‘sysadmin’ to either of them.
Zend’s authentication and access controls are loose components waiting for you to be used and AWS, in their own words, is “an infrastructure web services platform in the cloud”, i.e. just a network. Just because of their existence you cannot expect to have a secure web app. AWS will allow you to host your web server and web app in a secure way. On the other hand with Zend’s authentication and ACL you have excellent classes for an easy authentication setup but for both you have to know how to use them and how to implement them properly in your web app.
Unfortunately you say you have no real background in security. If you don’t know how to implement authentication–in any form or style–then your web app will have more holes than Swiss cheese.