On 11/16/10 11:02 AM, Johannes wrote:
5) Security layer and different authentication sources: I think Thibault also 
identified an issue when using different authentication sources, there was a 
pull request but it was lost in yesterday's github outage.

I read the patch when it was published and it was wrong as it always uses the "default" user provider.

Fabien

We discussed how the security context can be serialized safely in
between requests. The main problems I recall are:
- Avoid stale user objects:
   * reload user object upon every request
   * user must be reloaded from same user provider (to avoid logging in
a different user with possibly higher privileges)

- Different user providers per firewall:
   * can the security context be shared, or do we need a separate
security context for each firewall?

Config for exemplification: http://www.pastie.org/1297513

regards,
Johannes
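The two problems listed above (stale user objects, and a user being refreshed from a different provider than the one that authenticated him) can be shown in a few lines of PHP. The following is an added illustration, not code from Symfony or from anyone on this thread; every class, method and provider name in it is hypothetical. The token that ends up in the session carries only the username and the key of the provider that produced it, and the refresh step looks the user up again from exactly that provider. A naive variant that always falls back to a "default" provider is included for contrast, because with the constructed sample data it hands a customer the staff roles.

```php
<?php
// Added example, not Symfony code. All names are hypothetical.

interface UserProviderInterface
{
    /** Returns ['username' => ..., 'roles' => [...]] or null when unknown. */
    public function loadUserByUsername(string $username): ?array;
}

final class InMemoryUserProvider implements UserProviderInterface
{
    /** @param array<string, array> $users keyed by username */
    public function __construct(private array $users) {}

    public function loadUserByUsername(string $username): ?array
    {
        return $this->users[$username] ?? null;
    }
}

// What is serialized between requests: the username and the key of the
// provider that authenticated it. Roles are deliberately NOT stored, so they
// cannot go stale and must be reloaded on every request.
final class SerializedToken
{
    public function __construct(
        public readonly string $username,
        public readonly string $providerKey,
    ) {}
}

final class SecurityContextRefresher
{
    /** @param array<string, UserProviderInterface> $providers keyed by provider name */
    public function __construct(private array $providers) {}

    /** Correct refresh: same provider as at login, or the token is dropped. */
    public function refresh(SerializedToken $token): ?array
    {
        $provider = $this->providers[$token->providerKey] ?? null;
        if ($provider === null) {
            // Provider removed from the config since login: we cannot say who
            // this username refers to, so force a new login instead of guessing.
            return null;
        }
        // User deleted or renamed since the session was created -> null -> logout.
        return $provider->loadUserByUsername($token->username);
    }

    /** Flawed refresh (the pattern the patch discussed above fell into). */
    public function refreshFromDefault(SerializedToken $token, string $defaultKey): ?array
    {
        return $this->providers[$defaultKey]->loadUserByUsername($token->username);
    }
}

// Constructed sample data: the same username exists in two providers with
// different roles, as it might when one firewall serves customers and
// another serves staff.
$providers = [
    'customers' => new InMemoryUserProvider([
        'alice' => ['username' => 'alice', 'roles' => ['ROLE_USER']],
    ]),
    'staff' => new InMemoryUserProvider([
        'alice' => ['username' => 'alice', 'roles' => ['ROLE_ADMIN']],
    ]),
];
$refresher = new SecurityContextRefresher($providers);

// Simulate the session round trip: alice logged in through the customers firewall.
$token = unserialize(serialize(new SerializedToken('alice', 'customers')));

// Refresh from the provider recorded in the token: still a plain customer.
$fresh = $refresher->refresh($token);
printf("same provider:   %s\n", implode(',', $fresh['roles']));    // ROLE_USER

// Refresh from a global "default" provider that happens to be the staff one:
// the customer alice now carries the staff alice's roles.
$wrong = $refresher->refreshFromDefault($token, 'staff');
printf("default provider: %s\n", implode(',', $wrong['roles']));   // ROLE_ADMIN

// A provider key that no longer exists yields null, i.e. the session is
// invalidated rather than silently re-resolved elsewhere.
$orphan = new SerializedToken('alice', 'partners');
var_dump($refresher->refresh($orphan) === null);                    // bool(true)
```

The design choice worth noting is that the token records the provider key rather than the firewall name: two firewalls may legitimately share one provider, but a username is only meaningful relative to the provider that issued it, so that is the identifier the refresh must be bound to.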


--
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
