> 5) Security layer and different authentication sources: I think Thibault also > identified an issue when using different authentication sources, there was a > pull request but it was lost in yesterday's github outage.
We discussed how the security context can be serialized savely in between requests. The main problems I recall are: - Avoid stale user objects: * reload user object upon every request * user must be reloaded from same user provider (to avoid logging in a different user with possibly higher priviledges) - Different user providers per firewall: * can the security context be shared, or do we need a separate security context for each firewall? Config for exemplification: http://www.pastie.org/1297513 regards, Johannes -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
