The Lounge is rated Safe For Work. If you're about to post something inappropriate for a shared office environment, then don't post it. No ads, no abuse, and no programming questions. Trolling, (political, climate, religious or whatever) will result in your account being removed.
The other option I've not seen mentioned here is running your own LDAP rather than rolling a database. Every cloud service I've looked at offers the option of spinning up an AD server. It requires a little bit of compliance and maintenance, but it scales well and addresses a number of security concerns out of the box.
"Never attribute to malice that which can be explained by stupidity."
- Hanlon's Razor
would you guys will be willing to use a website where only way to authenticate is using either Google/FB/MS account ?
It can be quite convenient. As others have said, I'm not keen though on having some one-off site gather a bunch of personal information.
and i am trying to reduce the development time in every possible way
There's quite a few open source examples of using Google/FB/etc for authentication, in a variety of languages.
Rolling your own authentication can be a PITA. Besides the obvious (encrypting the password) it requires:
Are you sending an email with a link to confirm registration?
How does the user change their password?
How does the user recover a lost password (more emails usually)
What about 2-factor authentication (typically a text message)
Which means setting up an email server (along with the associated risk of more open ports and the overhead of setting up yet another secure server), one-time tokens expirable tokens for registration, password change and password recovery, possibly connecting to an SMS provider for 2-factor authentication, and probably CSRF/XSRF/XSS protection.
Oh, and cookies or some other mechanism to implement "Remember Me"[/edit]
the app/website i am building will be free to use. As per now i am not aware of any service which is providing that free of cost. So my options are limited to use some already written module for user management and maintain the server/security etc or avoid it altogether by using Google/FB/MS etc. In case if you know of any service which provide that service for fee up to say 1000 users definitely i will be willing to give it a try.
I'd prefer to not use Google/FB/MS for logging into anything but as a developer I recognize the convenience of utilizing it for speed, ease, and so on.
Why do I prefer not to? A multitude of reasons. First... single password, multiple sites. With individual logins I can create a unique password for it. If your site gets compromised, only that site is compromised. Second, the big guys aren't perfect either. Google just admitted it knew about a security bug which gave developers access to private profile data and chose not to disclose it. Facebook just had a bug that allowed your account to be impersonated on linked services. Twitter had that bug where all logins and passwords were being written in plain text to the internal error logs. MS has had their own security problems in the past.
I tend to avoid sites and services that force me through one of those routes if there is a viable alternative. I also recognize that those views put me in the minority.
Company switched over to gmail some weeks ago, and I was used to having spam fully disabled. Gmail is a bit fiddly with it but you can make a filter which I assumed meant any spam would go to the inbox.
So when I noticed the spam count of 1 this morning. Click the tab and see a Microsoft Insider Program newsletter.
My first reaction is, "Oh okay, it's a newsletter that a bunch of others might have clicked spam to, and gmail with its black box just following what the masses it told it."
but "I stopped getting spam things. Odd, the filter is working. I have really bad spam in my inbox."
NO "is google hiding any potential Microsoft tools which could make me switch back to office?"
Let me actually read the stub alert for its reason.
"Ahhh, redirected from my old account and gmail unable to verify sender."
That is all good. No worries.
Test sending to the old email account to see if my filter works on those as well.
Email arrived into Inbox.
But these are still in production, to my surprise: Wilesco D16[^]
I had one when I was a kid, probably handed down from my uncle. I never bothered to oil the piston before running it, but it worked anyway. I wonder what became of it. It probably disappeared when we moved to Texas. Or it still is hidden in a storage box.
I have lived with several Zen masters - all of them were cats.
His last invention was an evil Lasagna. It didn't kill anyone, and it actually tasted pretty good.
Considered purely as music, that is a beautiful version - and there are several other beautiful versions at YouTube. But nothing makes me associate to machines in any of those performances. In these beautifully sounding versions, the lute comes through strong and clear...
The L'Arpeggiata / Vincenzo Capezzuto version, especiall when played at a high sound level, is the only one I know of where I can hear those machine noises to which "the warbling lute, though used to conquest, must be forced to yield, with thee unable to dispute".