Hi,
I just finished reading the security chapter of documentation and I
have a doubt. Under the section "Encoding the User's Password", it
suggests to encode the password in the controller:
$factory = $this->get('security.encoder_factory');
$user = new Acme\UserBundle\Entity\User();
$encoder = $factory->getEncoder($user);
$password = $encoder->encodePassword('ryanpass', $user->getSalt());
$user->setPassword($password);
Is that really the controller's "responsibility" to encode the
password rather than user entity? Since entity do not have access to
the security.encoder_factory service, is there a better way to
encapsulate this business logic somewhere else than in the controller
to ensure that every time the password will be encrypted every time it
will be set?
Thanks,
Alex
--
If you want to report a vulnerability issue on symfony, please send it to
security at symfony-project.com
You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
