Users' section for high volume of users

[Manaus]

Hello, I'm wondering if it makes sense to use the built-in users functionality for managing -- hopefully -- thousands of users who should not have access to Processwire admin pages?
Thats like saying I need users of my app, not my cms' installation. 
Are there pros-cons of creating my own users management system, from a security point of view?

Thank you very much

[netcarver]

@Manaus Take a look at Lakeland Trails from @Pete at Nifty Solutions. Almost 52 thousand users.

Might be worth pinging him to ask more about the actual pros/cons of doing it that way.

[teppo]

1 hour ago, Manaus said:

Hello, I'm wondering if it makes sense to use the built-in users functionality for managing -- hopefully -- thousands of users who should not have access to Processwire admin pages?
Thats like saying I need users of my app, not my cms' installation.

As netcarver pointed out above, the amount of users is not going to be a problem. One site I've worked on recently has ~25 thousand users, most without admin access (just to a members area and a discussions forum), and that setup works just fine.

One thing you need to take care of is that you don't grant said users' role/roles any admin-related permissions. Additionally if your site has front-end features that these users are not allowed to access, you'll want to make sure that you don't rely on $user->isLoggedin() alone, but rather always check that the user has expected role or permission.

1 hour ago, Manaus said:

Are there pros-cons of creating my own users management system, from a security point of view?

If you mean rolling your own system for handling all aspects of user management — authentication, authorisation, etc. — then I would recommend against it. ProcessWire has a solid system for handling such needs built-in, whereas any custom-built authentication solution would be a major security hot spot.

In case ProcessWire's built-in system won't cut it for some reason (which I highly doubt), next best option would likely be using something like Laravel (or another application framework with proven track record) for this part.