On 20.04.2011, at 10:50, Matthias Nothhaft wrote:

> To be honest I think about not using the Security system of Symfony2 at all
> as it looks "over classed", over complicated to me. 150 files to secure my
> application? ..while on the other hand I will probably only use 10 % of it
> and need to change and add several implementations to fit my needs.

There are certainly a lot of classes (and interfaces) involved. To get good performance you probably not only need APC, but also set file stat to off, otherwise the disk I/O could begin to really hurt.

Now in terms of development, yes, it's absolutely non-trivial. Each class on its own is quite simple, but it's hard to grasp what each of them does. Furthermore, because we support multiple firewalls, all services need to be dynamically connected.

I think by expanding the phpdoc comments the situation can be improved. However, even more important is Johannes's DebuggingBundle [1] and its ability to visualize the service container [2]. I am still hoping that he will add links to the configured class so that one can open them just like we support for Exceptions. This way one could easily open all relevant files without having to navigate the "maze" of directories.

But the benefit of all of this is that one can, for example, easily take the FacebookBundle and integrate it with the UserBundle with essentially no code duplication.

I do think that the configuration side of things could be simplified some more for beginners, but I think simplifying the code behind will mean you quickly end up in a corner where you will need to write a lot of ad hoc custom code to get the last bit of functionality, which imho is a bigger security risk than having to once invest the time to understand how the security system works and then benefitting from all the nice tools like SecurityExtraBundle etc.

regards,
Lukas Kahwe Smith
[email protected]

[1] https://github.com/schmittjoh/DebuggingBundle
[2] http://www.screencast.com/users/Johanness/folders/Jing/media/c24888e8-9629-46b1-8899-aafc49d9672a (note this is a very early version)

--
If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com
