I've just taken a quick look at the source code, and from what I have seen sha1 is used as the default hashing algorithm. I'm not sure that is the right decision. When you consider the possible lifetime of Symfony2 it's likely that sha1 will be broken within that lifetime; thus, we should go with a stronger algorithm from the start. Besides the code assumes that the algorithm name is equal to the PHP function name. This is true for sha1 and md5, but PHP supports many more and especially stronger algorithms through the hash() function which should be used if available for the given algorithm.
I also agree with most people here that I would prefer something more abstract over $username. Johannes On Oct 21, 1:21 pm, Tom Boutell <[email protected]> wrote: > nom_de_guerre! That's short and practical and uncontroversial right? > > > > On Thu, Oct 21, 2010 at 5:00 AM, Georg <[email protected]> wrote: > > Isn't id the UserID? Or UserId? > > > Am 21.10.2010 09:50, schrieb Pascal: > >> Identifier or UserIdentifier ? > > >> [MA]Pascal > > >> On Thu, Oct 21, 2010 at 07:09, Bernhard Schussek <[email protected] > >> <mailto:[email protected]>> wrote: > > >> What about getAuthName()? > > >> Bernhard > >> -- > >> Software Architect & Engineer > >> Blog:http://webmozarts.com > >> Twitter:http://twitter.com/webmozart > > >> -- > >> If you want to report a vulnerability issue on symfony, please send > >> it to security at symfony-project.com <http://symfony-project.com> > > >> You received this message because you are subscribed to the Google > >> Groups "symfony developers" group. > >> To post to this group, send email to [email protected] > >> <mailto:[email protected]> > >> To unsubscribe from this group, send email to > >> [email protected] > >> <mailto:symfony-devs%[email protected]> > >> For more options, visit this group at > >> http://groups.google.com/group/symfony-devs?hl=en > > >> -- > >> Pascal > > >> -- > >> If you want to report a vulnerability issue on symfony, please send it > >> to security at symfony-project.com > > >> You received this message because you are subscribed to the Google > >> Groups "symfony developers" group. > >> To post to this group, send email to [email protected] > >> To unsubscribe from this group, send email to > >> [email protected] > >> For more options, visit this group at > >>http://groups.google.com/group/symfony-devs?hl=en > > > -- > > If you want to report a vulnerability issue on symfony, please send it to > > security at symfony-project.com > > > You received this message because you are subscribed to the Google > > Groups "symfony developers" group. > > To post to this group, send email to [email protected] > > To unsubscribe from this group, send email to > > [email protected] > > For more options, visit this group at > >http://groups.google.com/group/symfony-devs?hl=en > > -- > Tom Boutell > P'unk Avenue215 755 1330begin_of_the_skype_highlighting 215 755 > 1330 end_of_the_skype_highlighting > punkave.com > window.punkave.com -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
