Hi, loadUserByUsername() is not used to check the password. The password is checked once you get the user in memory by comparing the hashes (or plaintext if no encoder is used).
You will need to implement the web service so you could return the user by its username, and configure Symfony so that it checks the password with the correct hashing algorithm that is stored in the user object. Think of loadUserByUsername() as if you were executing a SELECT * FROM User WHERE username = $username, and then you check that the hashes coincide through PHP. -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en