Sorry to reply again, but I forgot to put in the snippet I used to
retrieve it.
$this->get('security.context')->getToken()->getUser()->getPassword();
On May 24, 9:41 am, Roger Webb <webb.ro...@gmail.com> wrote:
> I am unable to reproduce the issue you're describing. As I understand
> it best, *you* control what is retrieved from the database in your
> UserProviderInterface. That is, of course, assuming you are using
> "entity" authentication.
>
> On May 24, 9:25 am, dbenjamin <bd.web...@gmail.com> wrote:
>
>
>
>
>
>
>
> > Hi,
>
> > I see that the password is not hydrated when retreiving user through
> > security context.
>
> > But when a provider fetches the user from a database, not having the
> > password forces the developper to execute an extra request just to be able
> > to save the user without a null password.
>
> > I know that's a security matter, but i feel like i'm doing the exact same
> > query the provider does a second time when it could be avoided.
>
> > What's the best practice for this ?
>
> > Thanks.
>
> > *
> > --
> > Benjamin Dulau - anonymation CEO
> > anonymation.com | code.anonymation.com
> > ben...@anonymation.com
> > *
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
