I have a question regarding dumping and loading passwords. In 1.4.5 I am experiencing passwords hashes being re-hashed after a dump/load. This is because when the data is loaded the set method is expecting plaintext and hashes the hash that was passed in. (describes issue http://forum.symfony-project.org/index.php/m/76257/)
Apparently there are two methods for fixing this: 1) alter setPassword to behave differently (don't hash if it looks like a hash OR don't hash if the object is new and salt exists) 2) alter the yaml file so that password_hash is set, not password. (sed -i s/password:/password_hash:/g data/fixtures/data.yml) These both work for me but I'm having issues with them both. If I use method one, then I can't check in the changes since they are inside the plugin (I put them in PluginsfGuardUser because I couldn't get them to work in myUser). If I use method two then that means running a sed script on the yaml after I dump it and hoping that I don't forget and blow everything away. I would think that there is a solution that 'just works', I'd like to hear what everyone else does. Bundle the sed command into a new cli action? Alter a different file for the user? Thanks! ashton -- If you want to report a vulnerability issue on symfony, please send it to security at symfony-project.com You received this message because you are subscribed to the Google Groups "symfony users" group. To post to this group, send email to symfony-users@googlegroups.com To unsubscribe from this group, send email to symfony-users+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-users?hl=en
