Cross-site Request Forgery (CSRF) is one of the traditional vulnerabilities that web applications have to deal with. Every web framework - including Symfony - supports CSRF protection out of the box. A lesser known vulnerability is Login CSRF, a special kind of CSRF attack.| Wouter J
At SymfonyWorld Winter 2021, I talked about using the new Symfony authentication system in your applications in Symfony 6. We discussed the important changes to the Security component, what we tried to improve with each change, and how you can use these to make a more secure application quicker.| Wouter J
Every now and then, there seems to be a lot of fuss in the PHP community about deprecations. In these discussions, deprecations are often discussed as if they are fatal errors. I think that is very wrong. Let’s reduce our expectations of deprecations. It’ll make everyone’s lives much less stressful.| Wouter J
A very exciting time is coming with the biggest change for Symfony since Symfony 2.0: Symfony 6 has native PHP types on all its methods where it is possible. This will be a great push towards type safety in the PHP open source communities! Nicolas and Alexander have been working on and off for 2 years to create the best upgrade experience possible. Now, 2.5 months before the stable release, it is YOUR time to shine! Especially if you maintain any open source project (not even directly linked ...| Wouter J
Symfony has had a very rigid release schedule since Symfony 3.0. Predictable releases are often mentioned as a major advantage. Did you know that this schedule also includes a 2-month “stabilization phase”? This phase gives time to all libraries and bundles to catch up. Testing pre-releases is one of the best and least time-consuming contributions you can make to Symfony. Let’s see how you can help Symfony by reserving 30 minutes during these 2 months!| Wouter J
After more than half a year of work and discussions, Symfony 5.1 ships with an experimental and revisited Security system. I’m incredibly excited about this system, as I think it opens up the component for a lot of possibilities. That’s why in the coming week, I’ll publish a series of blog posts about this new system. I hope you’ll be just as excited as I am and help realise its full potential with us!| Wouter J
Ernest Hemingway is a twentieth-century writer known for his short and declarative writing style. Hemingwayapp.com is a free online tool that analyses your text according to this style. It also runs the Automated Readability Index algorithm. This makes it a perfect tool for writing concise, short and easy-to-understand texts.| Wouter J
Symfony uses a very flexible voter approach to grant access to a user. As this is often based on domain-specific requirements and decisions, the voters that come with Symfony are very basic. I would even argue that it’s better if you do not use them, and only rely on custom security voters.| Wouter J
Setting up big Symfony components in a blank PHP project helps a lot in understanding them. You’ll grasp the main architecture of the component much more easily this way. Let’s try to understand Symfony Security by doing exactly this!| Wouter J
Code discussions contain relevant information. Isn’t it a shame that we keep these on the centralized GitHub/GitLab servers, far away from our decentralized Git code? As soon as we move provider, we’ll lose all old discussions! And how do you ever find the pull requests from 5 years ago again? Symfony implemented a lightweight solution to this problem years ago using a lesser-known feature of Git: Git Notes.| Wouter J