Design question - login now or login later?

Hi,

I’m new here, first message, and I’m just starting to learn PHP/MySQL. I’ve watched several beginner’s videos, and I’ll start practising.

I want to develop a web application for my work. Right now, we are using Excel on steroids, but I can see very well where having the whole thing shared on a DB would be so much more efficient. Anyway, my question is the following: Since the app I want to create will deal with a lot of different objects (users, projects, list of stores, list of standard tasks, etc.), I would like to start by coding each individual item, and thereby creating the typical “add user, modify user, delete user, display list, search, etc.”. I want to make sure all my individual objects are working fine. Eventually, my application will require users to log in, and based on the user permissions, each of these objects will display, or not. My question: Can I just start by coding all my pages/functions without bothering about user permissions yet, and then add them later, or should it be in my design from the get-go?

Thanks for sharing your advice!

Ben

This is how I do the workflow. I create a simple login for myself without a registration as that will come later. If I need to add a person I would add that person manually with their own login credentials. That way I can code data that might be sensitive to unwanted people.

Another way to do it is to do it on a local server that doesn’t have access to the internet, or have it where the workflow isn’t capable of being put on the internet. I’m not an IT person so I don’t know exactly how you would do it, and if you don’t have administrator privileges then you will have to work with that person (whatever their title is).

I think there’s no straightforward answer to this question - it very much depends on the functionality you are after and the granularity of user authorization.

If we are talking about a simple CRUD system with a login/password form setup that filters the site sections from unauthorized users, then I would say it’s safe to skip authentication until the very last step (it will save you work). The reason for that is that it’s much easier to develop a CRUD app without worrying about an authentication layer in the middle. This way, you can focus on the problem you are trying to solve and then add a security layer last.

On the other hand, if you need some very granular authorization depending on user roles that will have a significant impact on who gets access to what and it will influence features somehow, then I would recommend having the authorization system in place first since it will dictate the way features work.
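
Added example (not part of any reply in this thread): one way to keep both options open is to route every CRUD action through a single deny-by-default permission check from the start, fed by a stub user until the login form exists. The role names, the permission map and all function names below are hypothetical.

```php
<?php
declare(strict_types=1);

// Hypothetical role -> object -> allowed actions map (constructed sample data).
const PERMISSIONS = [
    'admin'   => ['user'    => ['list', 'add', 'edit', 'delete'],
                  'project' => ['list', 'add', 'edit', 'delete'],
                  'store'   => ['list', 'add', 'edit', 'delete']],
    'manager' => ['project' => ['list', 'add', 'edit'],
                  'store'   => ['list']],
    'staff'   => ['project' => ['list']],
];

// Development stand-in for a logged-in user. Set to null once login exists,
// so that a request without a session is denied everywhere.
const DEV_STUB_USER = ['id' => 1, 'role' => 'manager'];

// The only place that answers "who is calling?"; adding login later changes
// nothing outside this function.
function currentUser(): ?array
{
    return $_SESSION['user'] ?? DEV_STUB_USER;
}

// Deny by default: no user, unknown role, unknown object or unlisted action.
function can(?array $user, string $object, string $action): bool
{
    $allowed = PERMISSIONS[$user['role'] ?? ''][$object] ?? [];
    return in_array($action, $allowed, true);
}

// Called first in every handler, so the check is enforced server-side and
// not only by hiding links.
function requirePermission(string $object, string $action): void
{
    if (!can(currentUser(), $object, $action)) {
        http_response_code(403);
        throw new RuntimeException("Forbidden: $object/$action");
    }
}

function deleteProject(int $id): string
{
    requirePermission('project', 'delete');
    return "project $id deleted"; // the real DELETE query would run here
}

// Menus use the same check, so what is displayed matches what is enforced.
function visibleObjects(?array $user): array
{
    return array_values(array_filter(['user', 'project', 'store'],
        fn(string $o): bool => can($user, $o, 'list')));
}
```

With the stub manager, `visibleObjects(currentUser())` returns `project` and `store`, and `deleteProject()` throws because `delete` is not in that role's list.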
