Download the PHP package metaclass-nl/authentication-guard-bundle without Composer

On this page you can find all versions of the php package metaclass-nl/authentication-guard-bundle. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.

FAQ

After the download, you have to make one include require_once('vendor/autoload.php');. After that you have to import the classes with use statements.

Example:
If you use only one package a project is not needed. But if you use more then one package, without a project it is not possible to import the classes with use statements.

In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
Some PHP packages are not free to download and because of that hosted in private repositories. In this case some credentials are needed to access such packages. Please use the auth.json textarea to insert credentials, if a package is coming from a private repository. You can look here for more information.

  • Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
  • To use Composer is sometimes complicated. Especially for beginners.
  • Composer needs much resources. Sometimes they are not available on a simple webspace.
  • If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
  • Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Please rate this library. Is it a good library?

Informations about the package authentication-guard-bundle

Authentication Guard for Symfony 2

This bundle is no longer maintained and the repository will be archived. Symfony has protection against brute force attachs of its own.

INTRODUCTION

The OWASP Guide states "Applications MUST protect credentials from common authentication attacks as detailed in the Testing Guide". Symfony 2 has a firewall and a series of authentication components, but none to protect against brute force and dictionary attacks. This Bundle aims to protect user credentials from these authentication attacks. It is based on the "Tresholds Governer" described in the OWASP Guide.

FEATURES

REQUIREMENTS

This bundle is for the symfony framework and this version requires Symfony >=2.8.1. (for Symfony ~2.3 use v0.3, for Symfony 2.7 use v0.4) Requires metaclass-nl/tresholds-governor 0.3@dev but the service configuration still requires Doctrine DBAL >=2.3.

RELEASE NOTES

This is a pre-release version under development.

Currently the Bundle can only protect form-based authentication using the security.authentication.listener.form service (Default: Symfony\Component\Security\Http\Firewall\UsernamePasswordFormAuthenticationListener).

Throws specific types of Exceptions for different situations (for logging purposes) and leaves it to the login form to hide differences between them that should not be reported to users.

May be vurnerable to enumeration of usernames through timing attacks because of differences in database query performance for frequently and infrequently used usernames. This is mitigated by sleeping until a fixed execution time is reached. Under normal circomstances that should be sufficient if the fixedExecutionSeconds is set long enough, but under high (database) server loads when performance degrades, under specific conditions information may still be extractable by timing. Furthermore, the measures against timing attacks where not tested for practical effectiveness.

Tested with MySQL 5.5. and 5.7. Tested with PHP7.0.1. Tested with Symfony 3.0.1 and 3.1.3 . (without crsf token) Tested on Symfony 2.8.1 with FOSUserBundle 1.3.6 and 6ccff96 (> 2.0.0 alpha3). Tested on Symfony 3.2.12 and 3.3.5 with FOSUserBundle 2.0.1 and php 7.0.18.

DOCUMENTATION

SUPPORT

MetaClass offers help and support on a commercial basis with the application and extension of this bundle and additional security measures.

http://www.metaclass.nl/site/index_php/Menu/10/Contact.html

COPYRIGHT AND LICENCE

Unless notified otherwise Copyright (c) 2014 MetaClass Groningen

This bundle is under the MIT license. See the complete license in the bundle:

Resources/meta/LICENSE

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.


All versions of authentication-guard-bundle with dependencies

PHP Build Version
Package Version
Requires php Version >=5.3.3
symfony/symfony Version ^2.8.1 || ^3.0 || ^3.1
metaclass-nl/tresholds-governor Version ^0.3@dev
doctrine/dbal Version ^2.3.4
Composer command for our command line client (download client) This client runs in each environment. You don't need a specific PHP version etc. The first 20 API calls are free. Standard composer command

The package metaclass-nl/authentication-guard-bundle contains the following files

Loading the files please wait ....