Hacker News new | ask | show | jobs
Ask HN: How do you write your own framework with user authentication?
6 points by Deezul 5569 days ago
Every time I start a project I am faced with the dilemma of "just doing it" or "doing it right" with an infinite amount of positions between. Most times I’m just looking to integrate with a sturdy user authentication system, there aren’t many other things I find myself really needing as I am developing an idea. What should I account for when building a lightweight framework for personal projects? What am I missing? Sometimes I feel frameworks are so robust I couldn’t possibly justify the need for it with a meager project, even though I would like most of these projects to flourish into an eventual revenue producing product. I would say my biggest stumbling block would be wanting to focus on building my idea in code and not focusing on the user authentication / security. I’ve often integrated custom code within a CMS, but if feels very clunky and restricting. What are some best practices for implementing your own user authentication system? I mostly code in straight PHP, but I’m not against moving to another language or a light non-obtrusive framework.
1 comments
bgraves 5569 days ago
I don't have any first hand knowledge, but I generally stick with the conventional frameworks for any significant projects (programming language agnostic) especially when user data or authentication is concerned.

Here's a few potentially helpful links:

SO Community wiki on PHP Frameworks: http://stackoverflow.com/questions/2648/what-php-framework-w...

SO discussion thread on custom php frameworks:http://stackoverflow.com/questions/2885384/custom-php-framew...

SO discussion on using custom frameworks vs. Zend:http://stackoverflow.com/questions/4368316/looking-for-custo...

Creating a Secure Login System the Right Way:http://tinsology.net/2009/06/creating-a-secure-login-system-...

I think the biggest reason to use a framework is because of all of the unknown unknowns about web security. You certainly don't need a huge framework to handle the basics of web development, but once you get into anything past that it's better to have a framework. Andre Torrez wrote a memorable piece on just some of the unknown-unknowns [1]. There are a million little pieces that are non-trivial to the success and safety of web apps that need to be addressed.

[1] http://notes.torrez.org/2010/12/learn-to-program-in-24-hours...

link