How Recipes Work
…of the package... and then each package can have different
recipes for different versions. Our recipe lives in sensiolabs/security-checker/4.0.
Every recipe has at least this manifest.json file, which describes all of the
"things" it should do. This copy-from-recipe…
Customize The 2-Factor Auth Form
…find the config file, copy the root
key - scheb_two_factor - and paste.
Awesome! We see security_tokens with UsernamePasswordToken... that's no surprise
because that's what we have here. But this also shows us some default values that we
have not specifically configured…
The Controller Resolver
…is kinda cool. If a listener to kernel.request somehow already has
enough information to return a response... it can do that! It's not super common,
it could be used for security or a maintenance page... but hey! Let's try it ourselves!
In…
Serious OAuth in 8 Steps
…Client Credentials: making API requests for our own account
Authorization Code: Getting a token for another user's account
Logging in via OAuth
OAuth with Facebook
OAuth in JavaScript with Google+
Handling Expired Tokens
Using Refresh Tokens
Tightening up Security
As we go through these…
Querying for One Pet
…$id variable argument. Like before, this query has
a variable part to it, so, as it stands, it is open to SQL injection. But we're going to
fix it in a few seconds:
function get_pet($id)
{
}
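As an added example (not code from the original tutorial), here is the pattern the text is pointing at: a get_pet() that concatenates $id into the SQL string is injectable, while a prepared statement with a bound parameter is not. It uses PDO with an in-memory SQLite database; the pet table, its rows, the hostile input and passing the PDO connection in as an argument are all assumptions made for the demo, not the course's schema or signature.

```php
<?php
// Added example: vulnerable vs. hardened get_pet().
// The "pet" table and its rows are constructed here for the demo only.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE pet (id INTEGER PRIMARY KEY, name TEXT, breed TEXT)');
$pdo->exec("INSERT INTO pet (id, name, breed) VALUES
    (1, 'Chew Barka', 'Bichon Frise'),
    (2, 'Spark Pug', 'Pug')");

// VULNERABLE: $id becomes part of the SQL text, so it can rewrite the query.
function get_pet_unsafe(PDO $pdo, $id)
{
    $sql = "SELECT * FROM pet WHERE id = " . $id;

    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// HARDENED: the SQL text is fixed at prepare time; the value travels separately
// as a bound parameter and can never be parsed as SQL. The (int) cast is extra
// input validation on top, not the thing that prevents injection.
function get_pet(PDO $pdo, $id)
{
    $stmt = $pdo->prepare('SELECT * FROM pet WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();

    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

// A constructed hostile value, the kind a ?id= query-string parameter could carry.
$hostile = '1 OR 1=1';

// Unsafe: the injected "OR 1=1" turns the lookup into "return every pet".
$leaked = get_pet_unsafe($pdo, $hostile);
echo "unsafe query returned " . count($leaked) . " rows for id=" . $hostile . PHP_EOL;

// Hardened: only the pet whose id is 1 comes back, or null for an unknown id.
$pet = get_pet($pdo, $hostile);
echo "prepared query returned " . ($pet ? $pet['name'] : 'nothing') . PHP_EOL;
$missing = get_pet($pdo, '999');
echo "prepared query for id=999 returned " . ($missing ? $missing['name'] : 'nothing') . PHP_EOL;
```

The hardened version is the same shape as the stub above: one $id in, one pet out. The only change is that the query string never changes and the value is bound, which is what the tutorial's upcoming fix relies on.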
Understanding Function Scope
Now we have the query, but we don…
Timeline: Finding a Hidden Surprise
…the routing layer happens! That's RouterListener. You can
also see Firewall: this is where authentication takes place. Security is a complex
system... so being able to see a bit about what happens inside of it is pretty
cool. At some point... it calls a…
addStyleEntry(): CSS-Only Entrypoint
…files left. Open account/index.html.twig:
Yep, this has a link tag to the first... and in security/login.html.twig, here's
the other:
Oh, and we also include login.css from register.html.twig:
This is kind of a tricky situation.... because…
access_control Authorization & Roles
…the database, checking their password and even protecting ourselves
from the Borg Collective... with CSRF tokens.
So let's start to look at the second part of security: authorization. Authorization
is all about deciding whether or not a user should have access to something. This…
Deploy to AWS!
…use the micro instance size, and just
use the default settings on the next screens.
For the security group, I'm going to select a group I already created: "Web Access
Testing." The important thing is to allow port 22 for SSH and ports 80…
Fragments, ESI and Caching
…Symfony 2.0, but was called “sub-requests”.
In 2.2, the feature has been overhauled for flexibility, speed and security.
Understanding HTTP Caching, ESI and Fragments
One of the best features of Symfony is its use of Edge Side Includes or
ESI. This is…
Upgrading & What's New in Symfony 5!
…secrets management
Auto-validation
The new PHP 7.4 "preload" file
Using "migrate_from" to migrate your hashed passwords for max security
bin/console lint:container
And these are just my favorite features (see Symfony.com 4.4/5.0 Features Blog for even more…
Creating & Mapping Layouts
…barkbite.com, password woof.
And when we submit... access denied! No worries: click down on the web debug
toolbar's security icon... and go to "Access Decision". Yup: we were denied access
because it was looking for a role called ROLE_NGLAYOUTS_ADMIN. To access…
Form Improvements for Symfony 6
…Here, you can see blog posts that
are categorized by each version. This is a collection of blog posts about what's
new in Symfony 5.1, like the new security system. And... here are posts about
what's new in Symfony 5.3, or…
Migrate Password Hashing
…what's actually stored on this field is a "hash" or kind of "fingerprint"
of the plaintext password and there are multiple hashing algorithms available.
The one you're using is configured in config/packages/security.yaml:
The encoders section says that whenever we encode…
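The idea behind "migrate_from" can be shown in plain PHP, independent of Symfony's configuration. This is an added example, not Symfony's own implementation or the tutorial's code: the user record, the legacy bcrypt hash (with a deliberately low cost so the demo runs quickly) and the authenticate() helper are all constructed here. It shows why a migration like this can only happen at login time: the new hash needs the plaintext password, which you only hold for the moment the user is logging in.

```php
<?php
// Added example: migrate a stored password hash to a stronger algorithm on login.

// Constructed user record whose stored hash came from the "old" configuration.
$user = [
    'email'    => 'user@example.com',
    'password' => password_hash('correct horse', PASSWORD_BCRYPT, ['cost' => 4]),
];

// The algorithm we want going forward. Argon2id is only available if this PHP
// build was compiled with it, so fall back to PASSWORD_DEFAULT otherwise.
$target = defined('PASSWORD_ARGON2ID') ? PASSWORD_ARGON2ID : PASSWORD_DEFAULT;

/**
 * Returns true if $plaintext matches the stored hash. As a side effect, when the
 * stored hash is not already in the target algorithm (or cost), it is replaced
 * with a fresh hash, which is exactly the "migrate on successful login" step.
 */
function authenticate(array &$user, string $plaintext, $target): bool
{
    // 1. Verify against whatever algorithm produced the stored hash.
    //    password_verify() reads the algorithm and parameters from the hash itself.
    if (!password_verify($plaintext, $user['password'])) {
        return false; // wrong password: never touch the stored hash
    }

    // 2. Only now, with the plaintext in hand, upgrade the hash if needed.
    if (password_needs_rehash($user['password'], $target)) {
        $user['password'] = password_hash($plaintext, $target);
        // In a real app this is the point where the updated user is persisted.
    }

    return true;
}

$before = $user['password'];

// Wrong password: rejected, and the legacy hash stays exactly as it was.
$rejected = authenticate($user, 'wrong password', $target);
echo "wrong password accepted? " . ($rejected ? 'yes' : 'no')
    . "; hash unchanged? " . ($user['password'] === $before ? 'yes' : 'no') . PHP_EOL;

// Correct password: accepted, and the hash is rewritten with the target algorithm.
$accepted = authenticate($user, 'correct horse', $target);
echo "correct password accepted? " . ($accepted ? 'yes' : 'no')
    . "; hash migrated? " . ($user['password'] !== $before ? 'yes' : 'no')
    . "; now using " . password_get_info($user['password'])['algoName'] . PHP_EOL;

// A second login with the new hash does not rehash again.
$again = $user['password'];
authenticate($user, 'correct horse', $target);
echo "rehashed again on second login? " . ($user['password'] !== $again ? 'yes' : 'no') . PHP_EOL;
```

Two caveats a practitioner will care about: the stored hash must stay a hash that password_verify() understands (so keep the legacy algorithm verifiable until every active user has logged in once), and users who never log in again keep their old hash, so a migration like this is never complete on its own.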
The EnclosureBuilderService
…vendor/bin/phpspec run
Booya!
New plan time, team! Let's add a method to the service where we can pass it
the number of dinosaurs we want, how much security we want, and... it will take
care of the rest! Let's examplify that…
Adding Extra "Unmapped" Fields
…pass
it that plaintext property, which will be stored on the password property.
That's both weird - because the password field should only ever hold a hash, never the
plaintext - and a potential security issue: if we somehow accidentally save the user at this
moment, that plaintext password will go…
The Login Form
…to app_login and the method
to login():
We don't need to pass any variables yet, and we'll call the template login.html.twig:
Next, down in templates/security, rename index.html.twig to login.html.twig.
Let's try it! Move over…
Firewalls & Authenticator
…we would grab the email, grab the password and
do some magic.
Well... we are not going to do that. Symfony's security works in a bit of a
"magical" way, at least, it feels like magic at first. At the beginning of every
request…
IS_AUTHENTICATED_ & Protecting All URLs
…is because I want
you to know what it is if you see it, and, it leads us towards a few other
interesting things.
Let's play a little bit in security.yaml. Under access_control add a new
entry with path ^/account. Yes…
Fetch the User Object
…pff, life is easy! On a day-to-day
basis, you'll spend most of your time in a controller where... well, there's really
only two things you can do related to security. One, deny access, like, based on
a role:
Or two, figure…