Hi,
loadUserByUsername() is not used to check the password. The password is
checked once you get the user in memory by comparing the hashes (or
plaintext if no encoder is used).
You will need to implement the web service so you could return the user by
its username, and configure Symfony so that it checks the password with the
correct hashing algorithm that is stored in the user object.
Think of loadUserByUsername() as if you were executing a SELECT * FROM User
WHERE username = $username, and then you check that the hashes coincide
through PHP.
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups symfony users group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en