+1 for userIdentifier I would also 2nd the usage of hash function and stronger algorithm like whirlpool. Also as the hash algorithms are becoming longer.. They should be base64 encoded, so I propose to also have a password_ecoding parameter with 2 values (hex, base64)
Regards, Miha On Oct 21, 1:55 pm, Johannes <[email protected]> wrote: > I've just taken a quick look at the source code, and from what I have > seen sha1 is used as the default hashing algorithm. I'm not sure that > is the right decision. When you consider the possible lifetime of > Symfony2 it's likely that sha1 will be broken within that lifetime; > thus, we should go with a stronger algorithm from the start. Besides > the code assumes that the algorithm name is equal to the PHP function > name. This is true for sha1 and md5, but PHP supports many more and > especially stronger algorithms through the hash() function which > should be used if available for the given algorithm. > > I also agree with most people here that I would prefer something more > abstract over $username. > > Johannes > > On Oct 21, 1:21 pm, Tom Boutell <[email protected]> wrote: > > > nom_de_guerre! That's short and practical and uncontroversial right? > > > On Thu, Oct 21, 2010 at 5:00 AM, Georg <[email protected]> wrote: > > > Isn't id the UserID? Or UserId? > > > > Am 21.10.2010 09:50, schrieb Pascal: > > >> Identifier or UserIdentifier ? > > > >> [MA]Pascal > > > >> On Thu, Oct 21, 2010 at 07:09, Bernhard Schussek <[email protected] > > >> <mailto:[email protected]>> wrote: > > > >> What about getAuthName()? > > > >> Bernhard > > >> -- > > >> Software Architect & Engineer > > >> Blog:http://webmozarts.com > > >> Twitter:http://twitter.com/webmozart > > > >> -- > > >> If you want to report a vulnerability issue on symfony, please send > > >> it to security at symfony-project.com <http://symfony-project.com> > > > >> You received this message because you are subscribed to the Google > > >> Groups "symfony developers" group. > > >> To post to this group, send email to [email protected] > > >> <mailto:[email protected]> > > >> To unsubscribe from this group, send email to > > >> [email protected] > > >> <mailto:symfony-devs%[email protected]> > > >> For more options, visit this group at > > >> http://groups.google.com/group/symfony-devs?hl=en > > > >> -- > > >> Pascal > > > >> -- > > >> If you want to report a vulnerability issue on symfony, please send it > > >> to security at symfony-project.com > > > >> You received this message because you are subscribed to the Google > > >> Groups "symfony developers" group. > > >> To post to this group, send email to [email protected] > > >> To unsubscribe from this group, send email to > > >> [email protected] > > >> For more options, visit this group at > > >>http://groups.google.com/group/symfony-devs?hl=en > > > > -- > > > If you want to report a vulnerability issue on symfony, please send it to > > > security at symfony-project.com > > > > You received this message because you are subscribed to the Google > > > Groups "symfony developers" group. > > > To post to this group, send email to [email protected] > > > To unsubscribe from this group, send email to > > > [email protected] > > > For more options, visit this group at > > >http://groups.google.com/group/symfony-devs?hl=en > > > -- > > Tom Boutell > > P'unk Avenue215 755 1330begin_of_the_skype_highlighting 215 > > 755 1330 end_of_the_skype_highlighting > > punkave.com > > window.punkave.com > > -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
