Login Script: Coding Forums Plugin - development needed and a view on its suitability
I've started a new project using Mozilla Persona as a base, in particular, looking to further develop a script written by Adrian Statescu.
The project came about because I needed a secure login script, and after googling discovered that the scripts on offer were either out of date, incomplete or simply insecure (after reading this outstanding piece on Stack Overflow: the-definitive-guide-to-forms-based-website-authentication).
Whilst researching this I fell upon Mozilla Persona and it seemed the right way to go, separating the password from the user ID and providing a universal Mozilla managed ID verification account.
I noted that there is a general consensus of research opinion that currently 'web site security is in a very bad state', yet when searching for a login script, none of the big 3 systems appear in the search results (OAuth, OpenID, Persona).
It seems self-evident that if the secure systems are not promoted to the site developers (who are looking for such systems), then this bad state of affairs will continue.
I figured I could therefore kill two birds with one stone (three birds actually including website promotion), by instigating a project to develop the login script, learning & documenting how to promote the website, and therefore presenting it to everybody who is looking for such a solution (typically new developers such as myself).
I can make progress with SEO, and will document that, but I can't write the code to develop the script to its next stage.
Currently the script sets you up with a Persona account, and after user login, presents a verified email address (as the userID) to the developer.
As a short term fix, I've used local storage to hold the email, and deliver it to each page for the typical 'logged in as xxxxxxx@xxxx.com'.
Effectively a 'keep me logged in' system.
Clearly what is required is:
A MySQL database solution, that can take the verified email address, check if it is in the dbase, if not then add it, if yes then populate any variables with that user's website account data.
A system probably no different to the tens of thousands of site accounts, only far more secure, with no passwords being stored on the web, and with the dbase being setup using best security practice.
If this could be achieved, then it would be a huge advance for new developers, and for established developers, many of whom must be using insecure systems.
A worthy goal?
Rather than just talking about it, I set up a site making progress in understanding SEO techniques and what the SE's are looking for.
Much more to do, but at least okay to the point where I could put the project to Coding Forum Members.
So what does everybody think?
Developing scripts into a package and calling it a Coding Forums Plugin?
My thinking was that if the scripts were primarily developed by forum members, then it would be a de facto Coding Forums Plugin.
Ie. CF would get the credit, as would the individuals who put in the work on the scripts.
However, there is the question of 'branding'.... use of the CF name.
What do the owners of the site think?
Perhaps they'll look to the senior members' views, or perhaps there are some legal aspects involved.
At the moment, the site is completely new.
Apart from the root, none of the pages are even SE indexed, so the only people looking at the site now are CF members.
I can easily remove references to CF, certainly in terms of any kind of official involvement.
Check out the site:
Mozilla Persona Login Script: Coding Forums Plugin
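
The database step the post asks for (take the verified email, add it if missing, otherwise load that user's account data) can be sketched as follows. This is an added example, not part of the original post or of the script it describes; the table layout and function names are assumptions, and Python's built-in sqlite3 stands in for MySQL so the block runs offline.

```python
import sqlite3

# Hypothetical schema: the UNIQUE constraint, not application logic,
# guarantees one account per address even under concurrent logins.
SCHEMA = """
CREATE TABLE IF NOT EXISTS accounts (
    id           INTEGER PRIMARY KEY,
    email        TEXT NOT NULL UNIQUE,
    display_name TEXT NOT NULL DEFAULT '',
    created_at   TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP
)
"""

def open_db(path=":memory:"):
    conn = sqlite3.connect(path)
    conn.row_factory = sqlite3.Row  # rows readable by column name
    conn.execute(SCHEMA)
    return conn

def normalize_email(email):
    """Canonical form used as the lookup key (lower-casing is a design choice)."""
    email = email.strip().lower()
    if email.count("@") != 1 or len(email) > 254 or any(c.isspace() for c in email):
        raise ValueError("not a usable email address")
    local, domain = email.split("@")
    if not local or not domain:
        raise ValueError("not a usable email address")
    return email

def get_or_create_account(conn, verified_email):
    """Return (account, created) for an address the server has already verified.

    Assumption: verified_email comes from the server-side check of the login
    assertion, never from a value the browser stored (such as local storage).
    """
    email = normalize_email(verified_email)
    with conn:  # one transaction: commit on success, roll back on error
        # Placeholders keep the address out of the SQL text entirely.
        cur = conn.execute(
            "INSERT OR IGNORE INTO accounts (email) VALUES (?)", (email,))
        created = cur.rowcount == 1  # 0 means the row already existed
        row = conn.execute(
            "SELECT id, email, display_name FROM accounts WHERE email = ?",
            (email,)).fetchone()
    return dict(row), created

if __name__ == "__main__":
    db = open_db()
    print(get_or_create_account(db, "Alice@Example.com"))  # constructed sample
    print(get_or_create_account(db, "alice@example.com"))
```

On MySQL the same shape applies with a UNIQUE index on the email column and `INSERT IGNORE` in place of SQLite's `INSERT OR IGNORE`.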