Posting a user's password back into the submitted form is considered a really bad practice and should never ever be done, even if the form contains errors, so we don't need the plainTextPassword field, or do we?

This one is probably off topic to this specific discussion, but I'm missing filters, e.g. trim, tolower. Digging through the Form code, I found "transformations", but they are not the same, as some are hardcoded, e.g. trim to each field, which is sort of annoying if you also need them inside a model, where they are also supposed to be, especially when you get data from multiple sources (form, console, webservice?).

And here is another one that I probably really missed; too lazy right now to download the code, so I'm browsing on GitHub. Where does the Validator for the form get set from? I'm seeing the validator annotations in the Model class, but not even one in the form class.

P.S. It seems that ACLs are also missing, so anybody can see/edit any user's data?

Regards,
Miha

On Nov 4, 1:41 pm, Jordi Boggiano wrote:
> On 04.11.2010 11:30, Lukas Kahwe Smith wrote:
> > class User
> > {
> >     /**
> >      * @validation:MinLetters(1)
> >      */
> >     protected $password;
> >
> >     /**
> >      * @PersistMe
> >      */
> >     protected $hashedPassword;
> >
> >     public function setPassword($password)
> >     {
> >         $this->password = $password;
> >         $this->hashedPassword = hash_me($password);
> >     }
> > }
> >
> > Now this would mean that the DB schema has to change.
>
> I don't see why. Just use password for persistence, and
> plainTextPassword for the form ? IMO the "problem" is at the form
> framework level, and the name of the password field at the model/db
> level shouldn't be polluted by that.
>
> Cheers
>
> --
> Jordi Boggiano
> @seldaek :: http://seld.be/
