[Waiting Code Merge] Added a section on the BCrypt password encoder #1936
<!-- app/config/security.xml --> | ||
<config> | ||
<!-- ... --> | ||
<encoder class="Symfony\Component\Security\Core\User\User" algorithm="bcrypt" cost="15" /> |
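Review bot: cost="15" on the encoder line is given with no explanation of what the value means or how to choose it. bcrypt's cost is the base-2 logarithm of the number of key-expansion rounds, so each increment doubles the time needed to hash and to verify a password. The section should say this, state the accepted range, and advise readers to pick the value by timing a hash on their own production hardware rather than copying 15 from the example.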
I prefer to avoid scrolling in code examples; you could change it to something like:
<encoder class="Symfony\Component\Security\Core\User\User"
    algorithm="bcrypt"
    cost="15"
/>
That's the way it's already written in existing code snippets; my line is even shorter than those ones. Do I really need to deviate from them and break this line over several lines?
I would break the line and encourage you to submit another PR improving the other code snippets :)
This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes #6808).

Commits
-------

0cb74a2 Added BCrypt password encoder.

Discussion
----------

Bcrypt password encoder

Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: #5932
License of the code: MIT
Documentation PR: symfony/symfony-docs#1936

---------------------------------------------------------------------------

by TerjeBr at 2013-01-19T18:53:21Z

Finishing PR #5974

---------------------------------------------------------------------------

by jalliot at 2013-01-20T14:07:54Z

This looks very good! :)
But be careful to CS or this will not be merged.

---------------------------------------------------------------------------

by TerjeBr at 2013-01-20T14:17:35Z

I do not understand. What do you mean by "CS"?

---------------------------------------------------------------------------

by jalliot at 2013-01-20T14:20:33Z

[Coding standards](http://symfony.com/doc/current/contributing/code/standards.html). You should run [PHP-CS-Fixer](https://github.com/fabpot/PHP-CS-Fixer) on your code to fix it.

---------------------------------------------------------------------------

by TerjeBr at 2013-01-20T14:47:23Z

The only thing php-cs-fixer.phar did was to realign some of the doc-block comments. But thank you anyway for pointing out the script to me.

---------------------------------------------------------------------------

by TerjeBr at 2013-01-20T15:52:07Z

Why does it look like @elnur added the commits? It was me.

---------------------------------------------------------------------------

by stof at 2013-01-20T16:32:12Z

@TerjeBr check your git configuration to be sure it uses your email address when committing

---------------------------------------------------------------------------

by TerjeBr at 2013-01-20T17:30:58Z

Now the commit is in my name. But see what happens if I squash the commit with git rebase ....

---------------------------------------------------------------------------

by TerjeBr at 2013-01-20T17:33:08Z

Now it looks like elnur added the commit.

---------------------------------------------------------------------------

by stof at 2013-01-26T15:57:59Z

@fabpot is there a chance to have this in 2.2 ?
The code has been merged. Please accept this PR.
ping @weaverryan
Hi guys! Thanks for the ping and this nice feature :). I've merged this into the master branch and moved the new section into the reference manual (as well as a few other minor changes) at sha: 782c649. If anyone sees any issues, please let me know. Thanks!
Since the code has been merged in the 2.2 branch, is the documentation also in the 2.2 branch?
@TerjeBr the master branch of the doc is still for 2.2. The 2.2 doc branch has not been created yet (as we don't have 2.3-specific docs yet)
Ok. Thanks for that answer. I have another question though. Should not the master documentation be updated so that bcrypt is the recommended password encryption? But even worse is that the first example in the documentation is using the old insecure many iterations of sha1 with an iteration count of 1!!!! I would suggest that the first example should show the most secure method (bcrypt). And also there should be some kind of discussion/recommendation of which method to use. As it is now you only have a sentence at the end saying: "New in version 2.2: As of Symfony 2.2 you can also use the PBKDF2 and BCrypt password encoders." Those who are new to cryptography would not know that they should select that instead of what is in the example.
The encoder itself is currently under development in symfony/symfony#5974.