tl;dr version: I need a secure session and authentication handler for the company's public internal tool. Should I create my own, or is there an existing tool that everyone finds dreamy?
Here are my features:
Authentication: I spent the past few weeks studying the security risks of users in PHP, and it seems that the further down the rabbit hole you dive, the more you need to learn. I am sure that I can write a system that rotates sessions for each request, can prevent XSS and XSRF and, as a rule, protect my backends quite well. I hesitate to look at existing tools simply because it is easier to trust and blame myself than anyone else.
Session processing: The more I looked at security, the more pragmatic it seemed that it was smarter to use session processing inside a database, rather than the one built in to PHP. This way you can more easily create and control ACLs, clustering, etc.
My concern with the database structure is that if several hundred people are hitting this database at the same time, with session_ids changing on every request, I may run into some performance problems at scale.
Initially, I planned to create my own classes for this in PHP and use MySQL as a backend. Now I'm worried that MySQL will have concurrency problems. I looked at NoSQL like MongoDB, but then I paralyze myself, thinking that I might TRANSFER this whole damn thing. Then, after the pain in the brain is over, I start thinking: "Someone has to do it, and I guarantee that they thought about everything that I am too stupid to consider."
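A database-backed session handler of the kind the question describes, as an added example that is not part of the original post: it plugs a MySQL (InnoDB) table into PHP's own session machinery through `SessionHandlerInterface`, so each session is a single primary-key row and concurrent users write to different rows. The table and class names, the DSN and credentials, and the `onLogin()` helper are hypothetical; the example assumes PHP 8 and rotates the ID at login rather than on every request.

```php
<?php
declare(strict_types=1);
// Added example; names are hypothetical. Assumed schema:
//   CREATE TABLE sessions (id CHAR(64) PRIMARY KEY, data BLOB NOT NULL,
//                          last_seen INT UNSIGNED NOT NULL) ENGINE=InnoDB;
final class DbSessionHandler implements SessionHandlerInterface
{
    public function __construct(private PDO $pdo) {}

    // Store only a hash of the ID, so a leaked table holds no usable session IDs.
    private function key(string $id): string { return hash('sha256', $id); }

    public function open(string $path, string $name): bool { return true; }
    public function close(): bool { return true; }

    public function read(string $id): string|false
    {
        $q = $this->pdo->prepare('SELECT data FROM sessions WHERE id = ?');
        $q->execute([$this->key($id)]);
        $data = $q->fetchColumn();
        return $data === false ? '' : (string) $data; // unknown ID: empty session
    }
    public function write(string $id, string $data): bool
    {
        $q = $this->pdo->prepare('REPLACE INTO sessions (id, data, last_seen) VALUES (?, ?, ?)');
        return $q->execute([$this->key($id), $data, time()]);
    }
    public function destroy(string $id): bool
    {
        return $this->pdo->prepare('DELETE FROM sessions WHERE id = ?')->execute([$this->key($id)]);
    }
    public function gc(int $max_lifetime): int|false
    {
        $q = $this->pdo->prepare('DELETE FROM sessions WHERE last_seen < ?');
        $q->execute([time() - $max_lifetime]);
        return $q->rowCount();
    }
}

// Placeholder DSN and credentials; replace with your own.
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'CHANGE_ME',
               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
session_set_save_handler(new DbSessionHandler($pdo), true);
session_start(['cookie_httponly' => true, 'cookie_secure' => true, 'cookie_samesite' => 'Lax']);

// Call after credentials are verified: issue a fresh ID and delete the old row.
function onLogin(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['uid'] = $userId;
}
```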