Published on 2020-12-31 • Modified on 2020-12-31
In this post, we will see how to secure an API with JWT and API Platform. We will generate JWT security tokens thanks to the lexik/jwt-authentication-bundle, and we will take advantage of the new property security parameter introduced in API Platform 2.6.
Published on 2020-10-15 • Modified on 2020-10-15
In this post, we will see how to use an expression for disabling the security of a Symfony administration in the dev environment. We won't use an IP-based test like the documentation explains, but we will use the application's environment instead.
Published on 2019-12-22 • Modified on 2020-08-18
In this post, we will check all the Symfony best practices listed in the official documentation. For each one, I will say if I agree with it or not and why.
Published on 2019-06-05 • Modified on 2019-06-05
In this post, we will see how to use the NotCompromisedPassword validator which was introduced in Symfony 4.3. This validator allows us to check if a given password was publicly exposed in a data breach and is therefore compromised. We will see how to use it manually and how to offer the ability to the user to test their password with this validation.
Published on 2018-11-16 • Modified on 2020-10-17
In this post, we will see how to implement a fail2ban system for Symfony. It will log login failure attempts for a given IP and will prevent further tries once a critical threshold is reached. When that happens, a customized error page will be displayed to the user.