Right now, password encoders are configured as part of the user
providers, e.g.
    providers:
        default:
            encoder: sha1
            # ...

This is based on the assumption that you want to use the same encoding
strategy for each user of that provider, which is not always the case,
but most of the time you would rather want to choose the encoding
strategy based on the actual account instance that is returned by the
user provider (a user provider may return multiple different classes
which implement AccountInterface).

Therefore, I propose to give encoders their own configuration section:
    encoders:
        Bundle\MyBundle\Entity\User: sha512

This also allows us to design an easier extension point in case you
want to have even more flexible encoding, let's say by checking what
algorithm was used for the specific user instance.

Regards,
Johannes
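
Added example (not part of the original message, and not Symfony's own code): the per-class encoder lookup proposed above, written for PHP 8. The Account interface, DigestEncoder, EncoderMap and the sample account classes are hypothetical names, and the way the salt is merged into the password is an assumption.

```php
<?php
// Added illustration; every name below is hypothetical, not Symfony's API.
declare(strict_types=1);
interface Account
{
    public function getPassword(): string;
    public function getSalt(): string;
}

final class DigestEncoder
{
    public function __construct(private string $algorithm) {}
    public function isValid(Account $account, string $raw): bool
    {
        // Assumed salt format: password followed by the salt in braces.
        $digest = hash($this->algorithm, $raw . '{' . $account->getSalt() . '}');
        // Constant-time comparison of stored and computed digests.
        return hash_equals($account->getPassword(), $digest);
    }
}

final class EncoderMap
{
    /** @param array<class-string, string> $config account class => algorithm */
    public function __construct(private array $config) {}
    public function forAccount(Account $account): DigestEncoder
    {
        // First match wins, so list specific classes before their base types.
        foreach ($this->config as $class => $algorithm) {
            if ($account instanceof $class) {
                return new DigestEncoder($algorithm);
            }
        }
        // Fail closed instead of falling back to a default encoder.
        throw new RuntimeException('No encoder for ' . $account::class);
    }
}

// Constructed sample accounts: one provider may return either class.
class StoredAccount implements Account
{
    public function __construct(private string $password, private string $salt) {}
    public function getPassword(): string { return $this->password; }
    public function getSalt(): string { return $this->salt; }
}
class LegacyUser extends StoredAccount {}
class User extends StoredAccount {}
$map = new EncoderMap([LegacyUser::class => 'sha1', User::class => 'sha512']);
$user = new User(hash('sha512', 'secret{constructed-salt}'), 'constructed-salt');
$legacy = new LegacyUser(hash('sha1', 'secret{constructed-salt}'), 'constructed-salt');
var_dump($map->forAccount($user)->isValid($user, 'secret'), $map->forAccount($legacy)->isValid($legacy, 'secret'));
```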
