Features

MDSecurity has been built with a focus on possible security attacks as well as extensibility. I know how different every coder's style can be, and as such I wanted to make this library simple and easy for everyone to use and extend for their own purposes. Some of the key features of the MDBitz Security and Authentication Framework can be found below. For further details on the security vulnerabilities that the framework protects against, please visit the Security page.

User Authentication & Permissions

The MDSecurity Framework allows users to easily implement their own authentication protocol by extending the MDSecurity_AccessControl abstract class, which defines all the base methods utilized by the framework. Currently the framework contains the following built-in Access Control Engines.

Static Authentication

  • MDSecurity_AccessControl_Basic: This authentication module verifies the inputted user’s userName and password against the configured static userName and password.
  • MDSecurity_AccessControl_BasicEncryption: Similar to the Basic authentication, this module is intended to be used by encrypting the user's password on the client side via JavaScript and then comparing the encrypted value against the encrypted value of the static password.

Database Authentication

  • MDSecurity_AccessControl_DB_Basic: This authentication module verifies the inputted user’s userName and password against users in a database table.

Encryption

Every application has its own needs as far as data encryption. To streamline the encryption of data on both the server and client side, MDSecurity utilizes Encryptors. Encryptors define the methods for encrypting a variable in both JS and PHP and, if applicable, the decryption methods as well.

Supported Encryption

  • Base 64
  • md5
  • sha1
  • sha256

Session Authentication & Timeout

MDSecurity can authenticate the user's IP Address, Browser Agent, and Max Attempts. These checks are fully configurable, allowing you to easily determine what you want to verify. In addition, MDSecurity allows you to set both a session timeout and a request timeout, allowing you to define how long a session is valid for and when to invalidate the session upon inactivity of the user.
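The checks described above, sketched as an added example that is not MDSecurity's own code: the policy keys, the `sessionFailure` function and the sample data are all hypothetical names constructed for illustration. It treats the session timeout as an absolute lifetime and the request timeout as an inactivity limit, as the paragraph describes.

```php
<?php
declare(strict_types=1);

// Hypothetical policy values; MDSecurity's real configuration keys are not shown on the page.
const POLICY = [
    'check_ip'        => true,
    'check_agent'     => true,
    'max_attempts'    => 5,
    'session_timeout' => 3600, // absolute lifetime in seconds
    'request_timeout' => 900,  // allowed inactivity in seconds
];

/** Returns null when the session is still valid, otherwise the reason to invalidate it. */
function sessionFailure(array $session, array $request, int $now, array $policy = POLICY): ?string
{
    if ($session['attempts'] >= $policy['max_attempts']) {
        return 'max attempts reached';
    }
    if ($policy['check_ip'] && !hash_equals($session['ip'], $request['ip'])) {
        return 'ip address changed';
    }
    if ($policy['check_agent'] && !hash_equals($session['agent'], $request['agent'])) {
        return 'browser agent changed';
    }
    if ($now - $session['created'] > $policy['session_timeout']) {
        return 'session timeout';
    }
    if ($now - $session['last_request'] > $policy['request_timeout']) {
        return 'request timeout';
    }
    return null;
}

// Constructed sample data: a session opened at t=1000 from a documentation-range address.
$session = ['ip' => '203.0.113.7', 'agent' => 'ExampleBrowser/1.0', 'attempts' => 0,
            'created' => 1000, 'last_request' => 1000];
$same    = ['ip' => '203.0.113.7', 'agent' => 'ExampleBrowser/1.0'];
$moved   = ['ip' => '198.51.100.9', 'agent' => 'ExampleBrowser/1.0'];

$cases = [
    'active user'  => [$session, $same, 1600],
    'idle user'    => [$session, $same, 2000],
    'new address'  => [$session, $moved, 1100],
    'old session'  => [['last_request' => 4500] + $session, $same, 4700],
];
foreach ($cases as $label => [$s, $r, $now]) {
    printf("%-12s %s\n", $label, sessionFailure($s, $r, $now) ?? 'valid');
}
```

A caller would refresh `last_request` after each request that passes and destroy the session on any non-null result.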

Session Handlers

As authentication information is saved in the session, it made sense to include session handlers in the MDSecurity framework so that a user does not have to worry about the proper order of operations and inclusions.

  • MDSecurity_SessionHandler_FilePath: This module allows you to modify the file path that the session data is saved to.
  • MDSecurity_SessionHandler_Database: This module allows you to change the session handling so that session data is saved in a database.