Skip to content
This repository has been archived by the owner on May 15, 2024. It is now read-only.
Henk Verhoeven edited this page May 14, 2014 · 21 revisions

Contributing and sharing

Most wanted are your opinions and ideas. . Please hit 'Edit Page' if you have something to say.

Help with the code and docs is welcome.

Roadmap (0.2 Milestone)

See the issues tab

Ideas

These are open for discussion, not just about the how and priority but also the if at all and why. Please add your own ideas too.

  • Add (example) Controllers and templates for sending e-mails with urls with release tokens and for processing the resulting release requests.

  • Adding more Guard classes for different types of Authentication Listener, or replacing it by other hooks into symfony's authentication (discussion)

  • Guarding more Paths

    Applications implementing their own authentication systems should consider a threshold governor to prevent the over-use of the following paths:

    • Account registration processes (if any)
    • Primary authentication path
    • Step up authentication (such as two factor tokens)
    • Password change**
    • Password resets** (**Low value systems only - Most medium and all high value systems should not be using passwords, and thus do not possess password reset capabilities)

    The primary authentication path is already covered. A kernel request listener could be added for blocking other paths by ip address. Support for blocking by username could be usefull too, but some coustomization will be requiered as there is no generic way to obtain the username. A specialization of FOSUserBundle could be provided and could also serve as an example for custom Guards.

Quotations are from https://www.owasp.org/index.php/Guide_to_Authentication

Clone this wiki locally