After reading the IRC logs about this topic (1) and the comments on the
pull request (2), I'm in favor of the first option described by Jonhannes:
"Moving encoder to the account by effectively removing all encoder
classes, and adding encodePassword(), and isPasswordValid() to
AccountInterface"
I think this is the way to go:
* This is the most flexible solution;
* The developer can easily implement the two new methods from the
interface as PHP comes with the hash() function;
* It's very lightweight.
1: http://trac.symfony-project.org/wiki/IRCLogs20101209
2: https://github.com/fabpot/symfony/pull/250
Fabien
--
Fabien Potencier
Sensio CEO - symfony lead developer
sensiolabs.com | symfony-project.org | fabien.potencier.org
Tél: +33 1 40 99 80 80
On 12/1/10 2:52 PM, Lukas Kahwe Smith wrote:
Hello,
the provider handles comparing the submitted password with the one stored in
the provider. however in order to initially store the hashed password there
doesnt seem to be any facility to easily figure out what password encoder is
set for a given provider.
regards,
Lukas Kahwe Smith
m...@pooteeweet.org
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to symfony-devs@googlegroups.com
To unsubscribe from this group, send email to
symfony-devs+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en
