Playing around with suggestion #4 (tagging user providers), there is an issue with the case for "// Existing DAO service provider", as the SecurityExtension::createUserDaoProvider() currently creates an alias in the container. This doesn't require the target service to exist, and rightfully so as its config might not have even been processed yet. There is no DIC API to assign a tag to an alias, and since the service's definition might not exist we can't very well give it a tag.
-- jeremy mikola -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en
