I know mate.
The problem is the logged user can't have access to a specific module
if he don't have the Credential 6, but he is having access to it, even
without the Credential 6.
On 25 Mar, 10:31, Sid Bachtiar <sid.bacht...@gmail.com> wrote:
> Another thing...
>
> I think you confuse authentication and credential.
>
> is_secure is only checking whether the user has logged in or not
> (authentication), it doesn't check the credentials.
>
> A user can still logged in (authenticated) without having any credential.
>
>
>
> On Thu, Mar 25, 2010 at 11:26 PM, Sid Bachtiar <sid.bacht...@gmail.com> wrote:
> > Your security.yml needs to specify the required credentials, for example:
>
> > default:
> > is_secure: on
> > credentials: admin
>
> > Then don't forget to clear cache
>
> > On Thu, Mar 25, 2010 at 11:24 PM, wueb <webmaster....@gmail.com> wrote:
> >> Hey
>
> >> I have credentials for each module i build.
>
> >> For example:
>
> >> # Module abc have the security.yml:
> >> all:
> >> credentials: 6
>
> >> But i can access my module abc even without the credential 6.
>
> >> The results of the hasCredential are strange too, because i always get
> >> 1 from them, even if i remove the credential. Example:
>
> >> $this->addCredential("xpto");
> >> echo $this->hasCredential("xpto"); // prints 1
> >> $this->removeCredential("xpto");
> >> echo $this->hasCredential("xpto"); // prints 1
>
> >> What is happening?
>
> >> PS: My default security.yml have:
>
> >> default:
> >> is_secure: true
>
> >> --
> >> If you want to report a vulnerability issue on symfony, please send it to
> >> security at symfony-project.com
>
> >> You received this message because you are subscribed to the Google
> >> Groups "symfony users" group.
> >> To post to this group, send email to symfony-users@googlegroups.com
> >> To unsubscribe from this group, send email to
> >> symfony-users+unsubscr...@googlegroups.com
> >> For more options, visit this group at
> >>http://groups.google.com/group/symfony-users?hl=en
>
> >> To unsubscribe from this group, send email to
> >> symfony-users+unsubscribegooglegroups.com or reply to this email with the
> >> words "REMOVE ME" as the subject.
>
> > --
> > Blue Horn Ltd - System Development
> >http://bluehorn.co.nz
>
> --
> Blue Horn Ltd - System Developmenthttp://bluehorn.co.nz
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
To unsubscribe from this group, send email to
symfony-users+unsubscribegooglegroups.com or reply to this email with the words
"REMOVE ME" as the subject.
