Update: You can safely ignore this angry rant as the issues have been fixed.

I am speechless. While doAuthPlugin looks interesting (especially because it uses inheritance and not some silly secondary Profile table), on the topic of security it is worse than sfDoctrineGuardPlugin. Let’s have a quick look at doAuthTools.

public static function rememberHash(User $user) [...]
Tag Archives: Symfony
Security is not easy
Update: After a year, both plugins are finally updated with a better random key generator.

Security is not easy. Programmers should leave things like random number and identifier generation to a library (or at least research the best way to do it). A lot of projects learned it the hard way. Let’s talk for instance [...]

Posted in PHP, Symfony. Also tagged entropy, full disclosure, PHP, random numbers, security. 8 Comments
Extract from Doctrine_Record
/**
 * returns an array of modified fields and associated values
 * @return array
 * @todo What about a better name? getModifiedFields?
 */
public function getModified()
{
    $a = array();
    foreach ($this->_modified as $k => $v) {
        $a[$v] = $this->_data[$v];
    }
    return $a;
}

/**
 * REDUNDANT?
 */
public function modifiedFields()
{
    [...]