Thanks Oscar, for your feedback.

I have thought of using a Form too, but it doesn't stop someone from
creating a User entity and saving the data without encrypting the
password. For example, when loading data fixtures, no form is being
used, so is it up to the developer to remember to encrypt the
password? It also does not stop someone from creating another Form that
saves the password without encryption.

Of course, one can say that I can't stop someone from manually inserting
data directly into the database without password encryption, but that's
not my point. Within the application, I want to enforce the business
logic at a single point rather than praying that I won't forget to
encrypt the password. So far, the only obvious single point is the
User entity itself.

Sorry for my English, I hope I managed to explain myself.

On May 26, 8:12 pm, oscar balladares <liebegr...@gmail.com> wrote:
> I'm doing it by passing the entity from the form (obviously) to the entity's
> repository;
> the repo has a persistEntity(Entity entity) method, which encodes the
> password
> and persists it with an entity_manager instance available in the repo
> context.
>
> This clears the controller from doing all that nasty stuff.
>
> Regards!
>
> 2011/5/26 Alex <malex13...@gmail.com>
>
> > Hi,
>
> > I just finished reading the security chapter of documentation and I
> > have a doubt. Under the section "Encoding the User's Password", it
> > suggests to encode the password in the controller:
>
> > $factory = $this->get('security.encoder_factory');
> > $user = new Acme\UserBundle\Entity\User();
>
> > $encoder = $factory->getEncoder($user);
> > $password = $encoder->encodePassword('ryanpass', $user->getSalt());
> > $user->setPassword($password);
>
> > Is it really the controller's "responsibility" to encode the
> > password rather than the user entity's? Since the entity does not have
> > access to the security.encoder_factory service, is there a better way to
> > encapsulate this business logic somewhere else than in the controller
> > to ensure that the password will be encrypted every time it
> > is set?
>
> > Thanks,
> > Alex
>
> > --
> > If you want to report a vulnerability issue on symfony, please send it to
> > security at symfony-project.com
>
> > You received this message because you are subscribed to the Google
> > Groups "symfony users" group.
> > To post to this group, send email to symfony-users@googlegroups.com
> > To unsubscribe from this group, send email to
> > symfony-users+unsubscr...@googlegroups.com
> > For more options, visit this group at
> >http://groups.google.com/group/symfony-users?hl=en
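
An added example, not code from any participant in this thread or from Symfony: one way to make the User entity the single enforcement point is to give it no setter that accepts a stored password value, only methods that require a hasher. The `PasswordHasher` interface, `NativePasswordHasher`, and `changePassword()` are hypothetical names, and PHP's built-in `password_hash()` stands in for the framework's encoder.

```php
<?php
declare(strict_types=1);

// Hypothetical interface (not Symfony's encoder API): the one service the entity needs.
interface PasswordHasher
{
    public function hash(string $plain): string;
    public function verify(string $plain, string $hash): bool;
}

// Assumption: PHP's built-in password_hash(), which generates the salt and embeds it in the hash.
final class NativePasswordHasher implements PasswordHasher
{
    public function hash(string $plain): string
    {
        return password_hash($plain, PASSWORD_DEFAULT);
    }
    public function verify(string $plain, string $hash): bool
    {
        return password_verify($plain, $hash);
    }
}

final class User
{
    private string $username;
    private string $passwordHash;

    // The hasher is a required argument, so no caller can build a User holding a raw password.
    public function __construct(string $username, string $plain, PasswordHasher $hasher)
    {
        $this->username = $username;
        $this->changePassword($plain, $hasher);
    }

    // Only write path for the password field; there is deliberately no setPassword(string).
    public function changePassword(string $plain, PasswordHasher $hasher): void
    {
        if ($plain === '') {
            throw new InvalidArgumentException('Password must not be empty.');
        }
        $this->passwordHash = $hasher->hash($plain);
    }

    public function getPassword(): string { return $this->passwordHash; }
}

// Constructed sample: a fixture loader (no form, no controller) still cannot skip hashing.
$hasher = new NativePasswordHasher();
$ryan = new User('ryan', 'ryanpass', $hasher);
var_dump($ryan->getPassword() !== 'ryanpass', $hasher->verify('ryanpass', $ryan->getPassword()));
```

Doctrine hydrates entities through reflection without calling the constructor, so loading existing rows does not need the hasher.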
