On 13.09.2010, at 16:00, Fabien Potencier wrote: > Hi Matthias, > > On 9/13/10 11:02 AM, Matthias Nothhaft wrote: >> Hi, >> >> I've created a heavily extended version of the sfUser class in my >> mdUserPlugin [1] with many additional features. (sorry, no docs, not >> 100% unit tested..). I have some ideas to make it even better by >> moving things into dedicated "sub services" and some other >> refactorings.. For example I'm currently thinking about moving the sf >> 1.4 credentials handling into its own "credential bag" so one can >> easily replace it. Anyway.. I'm very interested in the sycurity >> features of Symfony2. Maybe you can already give some rough >> information of the new concept? > > Basically, I want Symfony2 to support more than just username/password > authentication methods. Symfony2 security should work easily with HTTP auth, > CAS, OpenId, X509 certificates, and some more. So, the code will leave in a > dedicated component (Security), and integration will be done in the > FrameworkBundle bundle (should be light enough). The Security component won't > be tied to any other Symfony2 components either, and will be usable outside > of a Symfony2 MVC project. You can think about it as being a sfGuardPlugin on > steroid. I cannot say much more than that right now as I don't have much code > yet.
so basically you want to improve the out of the box experience in terms of authentication? of course a useful thing, but imho not sooo important. i mean it didnt seem too hard to me do what something on your own in symfony 1.x. at any rate its not hard to make this pluggable. where things are a lot trickier is on the permission end. i think the credential support in symfony 1.x was again a nice baseline that handled many many cases quite elegantly and sf*GuardPlugin nicely filled in some more advanced features. but the key thing that i would like to see addressed in a more consistent manner in the symfony community is checking of permissions when reading models. this obviously requires support on the ORM/ODM level. regards, Lukas Kahwe Smith [email protected] -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
