northox/nicht

Language: PHP

git: https://github.com/northox/nicht

A nonintrusive, security oriented, fast and lightweight framework

en_README.md

Warning

This code is dead and should only be used as a reference. No support provided. Use at your own risk.

Nicht

Nicht is a nonintrusive, security oriented and high performance PHP5 lightweight framework for the development of small to average size web applications. We have been using it for a while (since ~2004) in various environments and thought others might be interested in using it.

Description

This framework is as simple as it can get. The idea is to get out of your way and let you build the application however you want. The framework does not offer a suite of fancy libraries to answer all of your possible wishes. Instead, it will let you use whatever you want without interfering.

Nicht mainly provides a normalized authentication, authorization and navigation interface. The goal of this design is to provide a consistent way of integrating with almost any type of backend without any internal change to your application logic (e.g. RDBMS (MySQL, PostgreSQL, etc.), flat file, Kerberos, LDAP, Active Directory, PAM or others).

Nicht has been built with security as a primary concern. Some basic architecture choices have been made to support this goal:

  • Minimize attack surface: All code except Nicht's index is located outside the web root (i.e. project/www/).
  • Positive security model: No sections are available without prior authorization (white-listing: by default access is restricted). Coarse-grained authorization and authentication are imposed seamlessly; they apply to every section without any additional code, e.g., you don't need to add a function call at the beginning of each section to ensure proper authorization.
  • Keep it simple stupid: Nicht is a very simple and lightweight framework. The architecture is extremely easy to understand and easy to get right.

Read Nicht.class.php if you want to learn how it works.

Authentication modules presently implemented:

  • MySQLi PBKDF2 (Password Based Key Derivation Function) - strong hash (sha256), multiple iterations (20k), random salt - auth, set.
  • LDAP/LDAPs - auth
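As an added illustration of what the MySQLi PBKDF2 module's two operations (set and auth) amount to: sha256, 20k iterations and a per-user random salt, with a constant-time comparison on verification. This is not Nicht's own code; the users table, its column names, and the PHP 7 functions random_bytes and hash_equals are assumptions.

```php
<?php
// Added example, not code from the Nicht project. Parameters follow the
// README: PBKDF2 with sha256, 20,000 iterations, random salt.
const PBKDF2_ALGO       = 'sha256';
const PBKDF2_ITERATIONS = 20000;
const SALT_BYTES        = 16;   // assumed salt length
const KEY_BYTES         = 32;   // derived key length (sha256 output size)

// "set": derive a salted key for a new password and return what the
// backend must persist (salt and key hex encoded, plus the iteration
// count so it can be raised later without breaking old records).
function pbkdf2_set(string $password): array {
    $salt = random_bytes(SALT_BYTES);   // CSPRNG salt, unique per user
    $key  = hash_pbkdf2(PBKDF2_ALGO, $password, $salt, PBKDF2_ITERATIONS, KEY_BYTES, true);
    return ['salt' => bin2hex($salt), 'key' => bin2hex($key), 'iterations' => PBKDF2_ITERATIONS];
}

// "auth": re-derive with the stored salt and iteration count, then compare
// in constant time so a mismatch does not leak how many bytes matched.
function pbkdf2_auth(string $password, array $stored): bool {
    $salt = hex2bin($stored['salt']);
    $key  = hash_pbkdf2(PBKDF2_ALGO, $password, $salt, (int) $stored['iterations'], KEY_BYTES, true);
    return hash_equals(hex2bin($stored['key']), $key);
}

// Persisting via MySQLi with a prepared statement (table and column names
// "users", "salt", "pwhash", "iterations", "username" are assumed).
function store_credentials(mysqli $db, string $username, string $password): void {
    $rec  = pbkdf2_set($password);
    $stmt = $db->prepare('UPDATE users SET salt = ?, pwhash = ?, iterations = ? WHERE username = ?');
    $stmt->bind_param('ssis', $rec['salt'], $rec['key'], $rec['iterations'], $username);
    $stmt->execute();
}

// Self-check with a constructed password; no database required.
$rec = pbkdf2_set('correct horse battery staple');
assert(pbkdf2_auth('correct horse battery staple', $rec) === true);
assert(pbkdf2_auth('wrong password', $rec) === false);
```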

Authorization modules presently implemented:

  • MySQLi - one table group

Password quality enforcer

To prevent common password attacks, Stupid Password has been integrated.

Template system

We use PHP directly since the moment we measured the performance impact of common templating systems. However, if needed you can easily integrate most templating systems. We tested Smarty, Template Lite and Savant3.

License

BSD license. In other words it's free software, free as in free beer.

Authors

Danny Fullerton - Mantor Organization
Jean-Francois Rioux - Mantor Organization