Update: You can safely ignore this angry rant as the issues have been fixed.

I am speechless. While doAuthPlugin looks interesting (especially because it uses inheritance and not some silly secondary Profile table), on the topic of security it is worse than sfDoctrineGuardPlugin. Let’s have a quick look at doAuthTools.

public static function rememberHash(User $user) [...]
Tag Archives: random numbers
Random fail
Yet another case of trying to be too clever with randomness!
Security is not easy
Update: After a year, both plugins are finally updated with a better random key generator.

Security is not easy. Programmers should leave things like random number and identifier generation to a library (or at least research the best way to do it). A lot of projects learned it the hard way. Let’s talk for instance [...]