On Sep 17, 6:52 pm, Fabien Potencier <fabien.potenc...@symfony- project.com> wrote: > On 9/17/10 11:09 AM, Cyrille37 wrote: > > I like the concept of ACL applied on the Model. > > I used to apply it when worked with Java. I used the ACEGI framework > > (http://www.acegisecurity.org/) to protect the Model and do not rely > > on web page developper for managing rights. > > > I did not find this concept around Php. I think, from an industrial > > view, it's a must have.
I was just about to post the Acegi link but you guys are already on it :) Here's the latest API: http://static.springsource.org/spring-security/site/apidocs/index.html > I makes a lot of sense but how can you do the same in PHP? The only > possibility is to have AOP. > > Fabien Maybe we want to ask what kind of security people need. URI-level/ controller-level (declarative) and programmatical (pragmatic), which the former has already been achieved by Sf1 but the latter still falls back to be the developer's responsibility to include them in functional code (in controllers or services). I believe controller-level security is able to cover security for most cases in terms of a web app or web service, we can provide some options to provide a custom handler during pre*Action(). Maybe we can ask another question, if Sf2 only provides controller- level security, will this meet many people's need? But given that Sf2 is more than just an MVC framework (it has a very powerful container for example), container-managed security undoubtedly is gonna make more people happy (I didn't say "need"). -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
