
Published 2015-08-27 16:39:40 | 173 views | 0 comments | Source: collected from the web

Usually, the same password encoder is used for all users by configuring it to apply to all instances of a specific class:

  • YAML
    # app/config/security.yml
    security:
        # ...
        encoders:
            Symfony\Component\Security\Core\User\User: sha512
    
  • XML
    <?xml version="1.0" encoding="UTF-8"?>
    <!-- app/config/security.xml -->
    <srv:container xmlns="http://symfony.com/schema/dic/security"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:srv="http://symfony.com/schema/dic/services"
        xsi:schemaLocation="http://symfony.com/schema/dic/services
            http://symfony.com/schema/dic/services/services-1.0.xsd"
    >
        <config>
            <!-- ... -->
        <encoder class="Symfony\Component\Security\Core\User\User"
                algorithm="sha512"
            />
        </config>
    </srv:container>
    
  • PHP
    // app/config/security.php
    $container->loadFromExtension('security', array(
        // ...
        'encoders' => array(
            'Symfony\Component\Security\Core\User\User' => array(
                'algorithm' => 'sha512',
            ),
        ),
    ));
    

Another option is to use a “named” encoder and then select which encoder you want to use dynamically.

In the previous example, you’ve set the sha512 algorithm for Acme\UserBundle\Entity\User. This may be secure enough for a regular user, but what if you want your admins to have a stronger algorithm, for example bcrypt? This can be done with named encoders:

  • YAML
    # app/config/security.yml
    security:
        # ...
        encoders:
            harsh:
                algorithm: bcrypt
                cost: 15
    
  • XML
    <?xml version="1.0" encoding="UTF-8" ?>
    <!-- app/config/security.xml -->
    <srv:container xmlns="http://symfony.com/schema/dic/security"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:srv="http://symfony.com/schema/dic/services"
        xsi:schemaLocation="http://symfony.com/schema/dic/services
            http://symfony.com/schema/dic/services/services-1.0.xsd"
    >
    
        <config>
            <!-- ... -->
            <encoder class="harsh"
                algorithm="bcrypt"
                cost="15" />
        </config>
    </srv:container>
    
  • PHP
    // app/config/security.php
    $container->loadFromExtension('security', array(
        // ...
        'encoders' => array(
            'harsh' => array(
                'algorithm' => 'bcrypt',
                'cost'      => '15'
            ),
        ),
    ));
    

This creates an encoder named harsh. In order for a User instance to use it, the class must implement EncoderAwareInterface. The interface requires one method - getEncoderName - which should return the name of the encoder to use:

// src/Acme/UserBundle/Entity/User.php
namespace Acme\UserBundle\Entity;

use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Encoder\EncoderAwareInterface;

class User implements UserInterface, EncoderAwareInterface
{
    // ... UserInterface methods and isAdmin() are omitted here

    public function getEncoderName()
    {
        if ($this->isAdmin()) {
            return 'harsh'; // name of the encoder defined in the security config
        }

        return null; // use the default encoder
    }
}
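
An added example (not part of the original page or of Symfony's documentation) showing how the encoder is selected per user, and what happens to an already stored hash once getEncoderName() starts returning a different name. It assumes symfony/security 2.5 through 4.x installed via Composer; DemoUser, the salt and the password are constructed for illustration.

```php
<?php
// Added example, not Symfony's own code. DemoUser and all values are hypothetical.
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\Security\Core\Encoder\BCryptPasswordEncoder;
use Symfony\Component\Security\Core\Encoder\EncoderAwareInterface;
use Symfony\Component\Security\Core\Encoder\EncoderFactory;
use Symfony\Component\Security\Core\Encoder\MessageDigestPasswordEncoder;
use Symfony\Component\Security\Core\User\UserInterface;

class DemoUser implements UserInterface, EncoderAwareInterface
{
    public $admin = false;
    public $password;

    public function getEncoderName() { return $this->admin ? 'harsh' : null; }
    public function getRoles() { return $this->admin ? array('ROLE_ADMIN') : array('ROLE_USER'); }
    public function getPassword() { return $this->password; }
    public function getSalt() { return 'constructed-demo-salt'; }
    public function getUsername() { return 'demo'; }
    public function eraseCredentials() {}
}

// Same mapping as the configuration above: a per-class default plus the named encoder.
$factory = new EncoderFactory(array(
    'DemoUser' => new MessageDigestPasswordEncoder('sha512'),
    'harsh'    => new BCryptPasswordEncoder(15),
));

$user = new DemoUser();
$raw  = 'constructed-demo-password';

// Regular user: getEncoderName() returns null, so the class default (sha512) is used.
$user->password = $factory->getEncoder($user)->encodePassword($raw, $user->getSalt());

// Promotion switches the lookup to the bcrypt encoder, which cannot validate
// the sha512 hash that is still stored for this user.
$user->admin = true;
$harsh = $factory->getEncoder($user);
var_dump($harsh->isPasswordValid($user->getPassword(), $raw, $user->getSalt()));

// Re-encoding with the newly selected encoder makes validation succeed again.
// This needs the plain password, so it can only happen at login or password change.
$user->password = $harsh->encodePassword($raw, $user->getSalt());
var_dump($harsh->isPasswordValid($user->getPassword(), $raw, $user->getSalt()));
```

Because the plain password is only available at login or password change, one way to avoid locking out a promoted user is to have getEncoderName() return a value stored alongside the hash rather than the result of a live role check.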