Security
Symfony
Published on 2021-06-30 • Modified on 2021-06-30
In this post, we will see how to implement a user workflow with Symfony and EasyAdmin3. We will use the Symfony workflow component to handle the users' state and we will use EasyAdmin3 to modify this state with custom actions.
API Platform
Published on 2020-12-31 • Modified on 2020-12-31
In this post, we will see how to secure an API with JWT and API Platform. We will generate JWT security tokens thanks to the lexik/jwt-authentication-bundle, and we will take advantage of the new property security parameter introduced in API Platform 2.6.
Symfony
Published on 2020-10-15 • Modified on 2020-10-15
In this post, we will see how to use an expression for disabling the security of a Symfony administration in the dev environment. We won't use an IP based test like the documentation explains, but we will use the application's environment instead.
Symfony
Published on 2019-12-22 • Modified on 2021-12-24
In this post, we will check all the Symfony best practices listed in the official documentation. For each one, I will say if I agree with it or not and why.
Symfony
Published on 2019-06-05 • Modified on 2019-06-05
In this post, we will see how to use the NotCompromisedPassword validator which was introduced in Symfony 4.3. This validator allows us to check if a given password was publicly exposed in a data breach and is therefore compromised. We will see how to use it manually and how to offer the ability to the user to test their password with this validation.
Symfony
Published on 2018-11-16 • Modified on 2020-10-17
In this post, we will see how to implement a fail2ban system for Symfony. It will log login failure attempts for a given IP and will prevent further tries once a critical threshold is reached. When happening, a customized error page will be displayed to the user. ⏹