What do you think about encouraging devs to use securer authentication mechanisms?
I’m currently looking at the default IUserIdentity implementation CUserIdentity, which operates on a username/ password base. Since the framework ships with no alternative implementations and the class is used by the skeleton app generated by yiic, I bet a lot of people stick with that approach.
"THE DEFINITIVE GUIDE TO YII" already talks about the problem with plain text passwords and why it is a bad idea to save them to DB. But why not take this a step further and discourage devs to send plain text passwords over the net in the first place?
Instead of using a username/password based identity default implementation, yii2 could encourage the use of a username/password-hash based default implementation. It might be a bit problematic to turn the password entered by the user into his browser into a hash before sending it. Seems like this required a client side script (would have been better if there was a standard embedded in the browsers, but I couldn’t find anything). And of course, relying on scripts in turn means there needs to be a fallback to plain text passwords in case the user disabled scripts. So a second identity implementation like the current CUserIdentity would be needed as well. But at least this one wouldn’t be used as the default then.
Of course, this would make it more complicated to understand how yii’s authentication flow works. I’m not sure what is more important: Making it easy for yii beginners to become comfortable with the framework or adding a bit of default security. One could argue that yii as a framework only provides the infrastructure to implement whatever one needs (including auth mechanisms). But on the other hand, setting a good example wouldn’t hurt, would it?