Chapters
47 Chapters
|
4:41:51
|
Login to bookmark this video
-
Course Code
Subscribe to download the code!
Subscribe to download the code!
-
This Video
Subscribe to download the video!
Subscribe to download the video!
-
Subtitles
Subscribe to download the subtitles!
Subscribe to download the subtitles!
-
Course Script
Subscribe to download the script!
Subscribe to download the script!
Scroll down to the script below, click on any sentence (including terminal blocks) to jump to that spot in the video!
Subscribe to jump to this part in the video!
Keep on Learning!
If you liked what you've learned so far, dive in! Subscribe to get access to this tutorial plus video, code and script downloads.
This tutorial also works great for Symfony 6!
What PHP libraries does this tutorial use?
// composer.json
{
"require": {
"php": ">=8.2",
"ext-ctype": "*",
"ext-iconv": "*",
"babdev/pagerfanta-bundle": "^3.3", // v3.3.0
"composer/package-versions-deprecated": "^1.11", // 1.11.99.4
"doctrine/annotations": "^1.0", // 1.13.2
"doctrine/doctrine-bundle": "^2.1", // 2.6.3
"doctrine/doctrine-migrations-bundle": "^3.0", // 3.1.1
"doctrine/orm": "^2.7", // 2.10.1
"knplabs/knp-markdown-bundle": "^1.8", // 1.9.0
"knplabs/knp-time-bundle": "^1.11", // v1.16.1
"pagerfanta/doctrine-orm-adapter": "^3.3", // v3.3.0
"pagerfanta/twig": "^3.3", // v3.3.0
"phpdocumentor/reflection-docblock": "^5.2", // 5.2.2
"scheb/2fa-bundle": "^5.12", // v5.12.1
"scheb/2fa-qr-code": "^5.12", // v5.12.1
"scheb/2fa-totp": "^5.12", // v5.12.1
"sensio/framework-extra-bundle": "^6.0", // v6.2.0
"stof/doctrine-extensions-bundle": "^1.4", // v1.6.0
"symfony/asset": "5.3.*", // v5.3.4
"symfony/console": "5.3.*", // v5.3.7
"symfony/dotenv": "5.3.*", // v5.3.8
"symfony/flex": "^1.3.1", // v1.21.6
"symfony/form": "5.3.*", // v5.3.8
"symfony/framework-bundle": "5.3.*", // v5.3.8
"symfony/monolog-bundle": "^3.0", // v3.7.0
"symfony/property-access": "5.3.*", // v5.3.8
"symfony/property-info": "5.3.*", // v5.3.8
"symfony/rate-limiter": "5.3.*", // v5.3.4
"symfony/runtime": "5.3.*", // v5.3.4
"symfony/security-bundle": "5.3.*", // v5.3.8
"symfony/serializer": "5.3.*", // v5.3.8
"symfony/stopwatch": "5.3.*", // v5.3.4
"symfony/twig-bundle": "5.3.*", // v5.3.4
"symfony/ux-chartjs": "^1.3", // v1.3.0
"symfony/validator": "5.3.*", // v5.3.8
"symfony/webpack-encore-bundle": "^1.7", // v1.12.0
"symfony/yaml": "5.3.*", // v5.3.6
"symfonycasts/verify-email-bundle": "^1.5", // v1.5.0
"twig/extra-bundle": "^2.12|^3.0", // v3.3.3
"twig/string-extra": "^3.3", // v3.3.3
"twig/twig": "^2.12|^3.0" // v3.3.3
},
"require-dev": {
"doctrine/doctrine-fixtures-bundle": "^3.3", // 3.4.0
"symfony/debug-bundle": "5.3.*", // v5.3.4
"symfony/maker-bundle": "^1.15", // v1.34.0
"symfony/var-dumper": "5.3.*", // v5.3.8
"symfony/web-profiler-bundle": "5.3.*", // v5.3.8
"zenstruck/foundry": "^1.1" // v1.13.3
}
}
12 Comments
hi, when i use lougout true in security.yaml and when i try make debug de security i have this error
Unable to parse at line 23 (near "logout:true").
Hey Naglaa-Fouz,
Hm, that sounds like you have a syntax error in that
security.yamlfile. Please, double-check the syntax, in particular, add a space betweenlogout:andtrue. Also, make sure the indentation in that file is consistent.If you still cannot solve this error - please, share your
security.yaml's content with us in a comment and I'll take a look for you.Cheers!
I find it a little ironic that the course on Symfony Security is suggesting to tell potential hackers, if the username/email exists or not.
By knowing that emails exists but entered a wrong password, you're half way there to hacking the site, this eases the attack a lot.
Invalid credentials message is in my opinion always a better option.
Any takes on this?
Hey Tomas norre M.!
Fair point to bring up :).
> By knowing that emails exists but entered a wrong password, you're half way there to hacking the site, this eases the attack a lot.
If you know for a fact that an email exists on the site, you've still got quite a lot of work (passwords to try) in order to actually gain access. If you are using a list of "pwned" passwords, then if an account is using that same password on your site, it will help the hacker a bit to know that the account exists... but probably not that much. It would only help if an email had 5 pwned passwords... and then they could have the confidence to try the next 4 or skip the next 4 after trying the first.
> Invalid credentials message is in my opinion always a better option.
I'm not sure. It's easy to say "yes" to this, but I think what you're mostly protecting by always using "invalid credentials" is whether or not someone has an account on your site... if that fact is sensitive. As I mentioned in the video, knowing someone has an account on Symfonycasts probably won't cause any scandal. However, if you run a gambling site or (use your imagination) something much more sensitive, then being able to discover who has accounts could be disastrous.
And, of course, the "email not found" message is a better user experience. That shouldn't trump security, but I'm not convinced there's a real security problem here for most sites. And, a lot of big sites seem to agree. If you try to, for example, log into facebook with a correct email but incorrect password, it DOES tell you that the account exists (and that your password is wrong).
Cheers!
Thanks for taking your time to answer. I follow you, no doubt about that.
And I really enjoy watching your courses. I'm 20+ years into PHP Development, and still learn from the videos.
Using them as a brush-up course.
Thank you for the kind words! ❤️❤️❤️
I am very, very glad to see that you will handle the Scheb 2fa!!!!! Can't wait to see this one.
Keep on with your excellent work!
Hey Oliver,
Thank you for your feedback! Yeah, 2FA is something that was asked a lot lately! And I'm happy to see it's covered in this course :)
Cheers!
hi when this course will be updated ? I want to continue this symfony track !
Hey @zarloon,
What do you mean updated? This course is in active release state, so it is releasing now and it should be 1 chapter per work day.
Cheers!
Oh yes sorry for my english. I wasn't aware about that :D
Just have to wait for the next chapter then. Really good job i'm glad to have suscribe.
I'm happy to hear that! Thanks that you are staying with us!
Stay safe and keep learning!
Cheers!
"Houston: no signs of life"
Start the conversation!