Thanks Oscar, for your feedback. I have thought of using Form too, but it doesn't stop someone to create an User Entity and save the data without encrypting the password. For example, during loading data fixtures, no form is being used, so it is up to the developer to remember to encrypt the password? It also does not stop someone to create another Form that save the password without encryption.
Of course, one can say that I can't stop someone from manually insert data directly to the database without password encryption, but that's not my point. Within the application, I want to enforce the business logic to a single point rather than praying that I won't forget to encrypt the password. So far, the only obvious single point is the User entity itself. Sorry for my English, I hope I managed to explain myself. On May 26, 8:12 pm, oscar balladares <liebegr...@gmail.com> wrote: > I'm doing it bypassing the entity from the form (obviously) to the entity's > repository; > the repo has a persistEntity(Entity entity) method, which encode the > password > and persist it with an entity_manager instance available in the repo > context. > > This clears the controller from doing all that nasty stuff. > > Regards! > > 2011/5/26 Alex <malex13...@gmail.com> > > > Hi, > > > I just finished reading the security chapter of documentation and I > > have a doubt. Under the section "Encoding the User's Password", it > > suggests to encode the password in the controller: > > > $factory = $this->get('security.encoder_factory'); > > $user = new Acme\UserBundle\Entity\User(); > > > $encoder = $factory->getEncoder($user); > > $password = $encoder->encodePassword('ryanpass', $user->getSalt()); > > $user->setPassword($password); > > > Is that really the controller's "responsibility" to encode the > > password rather than user entity? Since entity do not have access to > > the security.encoder_factory service, is there a better way to > > encapsulate this business logic somewhere else than in the controller > > to ensure that every time the password will be encrypted every time it > > will be set? > > > Thanks, > > Alex > > > -- > > If you want to report a vulnerability issue on symfony, please send it to > > security at symfony-project.com > > > You received this message because you are subscribed to the Google > > Groups "symfony users" group. > > To post to this group, send email to symfony-users@googlegroups.com > > To unsubscribe from this group, send email to > > symfony-users+unsubscr...@googlegroups.com > > For more options, visit this group at > >http://groups.google.com/group/symfony-users?hl=en -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en