FWIW I created a PHP script that utilizes the demo "navigator" apps login
screen scripts. So everything is verified and based on the IBM "i" user
credentials (of course you could roll your own security/login prompt,
etc.)
Thanks,
Tommy Holden
From: Jon Paris <jon.paris@xxxxxxxxxxxxxx>
To: midrange-l@xxxxxxxxxxxx
Date: 10/01/2010 11:02 AM
Subject: Re: PHP without Zend
Sent by: midrange-l-bounces@xxxxxxxxxxxx
Can you be more precise about what is wrong with Zend's offering?
More importantly perhaps have you asked Zend about the issues raised?
I am assuming here that you are talking about Zend Server (i.e. the
current product) and not Zend Core.
"authentication" is a function of PHP itself and (as far as I know) is
no more or less secure than any other language. There are also
multiple authentication options including having Apache do it against
IBM i user profiles. All of which is a way of saying that what they
are saying appears to make no sense.
Since Zend are the major contributor to the PHP engine and Zend Server
is a production hardened and secured version of the engine that
everyone else uses, I can't see how any other version would be more
secure.
Maybe Mike Pavlak can comment further.
Jon Paris
www.Partner400.com
www.SystemiDeveloper.com
On Oct 1, 2010, at 11:20 AM, midrange-l-request@xxxxxxxxxxxx wrote:
Operations tells me that the way Zend handles authentication doesn't
conform to our corporate security policies. As a result, we can't
install it on our system. I don't think this a battle I can win.
midrange.com
