I am unable to reproduce the issue you're describing. As I understand it best, *you* control what is retrieved from the database in your UserProviderInterface. That is, of course, assuming you are using "entity" authentication.
On May 24, 9:25 am, dbenjamin <bd.web...@gmail.com> wrote: > Hi, > > I see that the password is not hydrated when retreiving user through > security context. > > But when a provider fetches the user from a database, not having the > password forces the developper to execute an extra request just to be able > to save the user without a null password. > > I know that's a security matter, but i feel like i'm doing the exact same > query the provider does a second time when it could be avoided. > > What's the best practice for this ? > > Thanks. > > * > -- > Benjamin Dulau - anonymation CEO > anonymation.com | code.anonymation.com > ben...@anonymation.com > * -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
