markup/fallback-password-encoder-bundle
Composer 安装命令:
composer require markup/fallback-password-encoder-bundle
包简介
Bundle providing a password encoder stack for support of legacy user data.
README 文档
README
About
This Symfony2 bundle offers a strategy to use for password encoding for use with the friendsofsymfony/user-bundle package (FOSUserBundle). It requires version >=2.3.6 of the Symfony Security component.
The use case would be when there is legacy user data with passwords that are hashed using an algorithm that is easy to break, such as MD5. You'd like to use bcrypt, but this means getting all users to reset their passwords. This bundle allows you to declare a stack of encoders, so that you can run a primary algorithm and a set of fallback algorithms at the same time. A user with a password hashed using the legacy algorithm will have the stored hash transparently updated to the new, more secure hash the next time they sign in.
Current limitation: bundle does not currently work with Symfony framework encoders, as these are not declared as services.
Disclaimer
The existence of this software should by no means be construed as condoning the strategy itself. It is far preferable to have all passwords in your system using the same, secure algorithm. However, you may judge that this strategy is the most pragmatic for your situation - typically when you do not wish to enforce password resetting on your user base.
Installation
Add MarkupFallbackPasswordEncoderBundle to your composer.json:
{ "require": { "markup/fallback-password-encoder-bundle": "@dev" } }
Add MarkupFallbackPasswordEncoderBundle to your AppKernel.php:
public function registerBundles() { $bundles = array( ... new Markup\FallbackPasswordEncoderBundle\MarkupFallbackPasswordEncoderBundle(), ); ... }
Finally, install the bundle using Composer:
$ php composer.phar update markup/fallback-password-encoder-bundle
Usage
Configuration example:
A service ID is declared as the primary encoder - this is the canonical encoder that passwords should be hashed with. You then define a stack of fallback encoders that are used to check passwords using legacy algorithms. Manipulators also need to be registered if you are not making use of the fos_user.util.user_manipulator service provided by FOSUserBundle. (This service will still be used as a fallback for users of a class that does not appear in the keys of this manipulators list.)
markup_fallback_password_encoder: encoders: primary: id: security.encoder.blowfish fallbacks: - id: my_legacy_compat.encoder.md5.saltless manipulators: My\Bundle\CustomerBundle\Entity\Customer: my_customer.util.manipulator My\Bundle\AdminUserBundle\Entity\AdminUser: my_admin_user.util.manipulator
In your security.yml file, you would then specify the fallback encoder as markup_fallback_password_encoder:
security: encoders: My\Bundle\CustomerBundle\Entity\Customer: id: markup_fallback_password_encoder My\Bundle\AdminUserBundle\Entity\AdminUser: id: markup_fallback_password_encoder
License
Released under the MIT License. See LICENSE.
markup/fallback-password-encoder-bundle 适用场景与选型建议
markup/fallback-password-encoder-bundle 是一款 基于 PHP 开发的 Composer 扩展包,目前已累计 30.54k 次下载、GitHub Stars 达 6, 最近一次更新时间为 2013 年 10 月 02 日, 在 PHP 生态内属于活跃度较高的组件。
它主要适用于以下技术方向: 「password」 「barcode」 等业务场景。在实际项目中,围绕这些方向常见需要落地的问题包括:接口对接、性能调优、并发安全、与既有框架(Laravel / ThinkPHP / Yii / Webman 等)的兼容适配,以及生产环境的日志埋点与稳定性保障。
我们在过去多个企业项目中使用过 markup/fallback-password-encoder-bundle 或与其功能相近的方案,如果你在选型或落地过程中遇到问题,例如 版本兼容、二次改造、私有化封装、与内部系统对接、生产 BUG 排查,欢迎联系我们协助评估。
基于 markup/fallback-password-encoder-bundle 在你已有业务上做功能扩展、字段裁剪、UI 适配、与内部账号 / 权限 / 日志系统的深度对接。
线上偶发问题、内存泄漏、慢查询、并发异常等排查修复;针对高流量场景做缓存、队列、索引层面的调优。
承接完整的项目从需求 → 设计 → 开发 → 上线 → 长期运维;也可按月提供技术保姆服务。
与 markup/fallback-password-encoder-bundle 相关的其它包
同方向 / 同关键字的高下载量 PHP Composer 包推荐,方便对比选型:
Symfony 4, 5, 6 ,7 Barcode Generator Bundle with Twig function extension
The PHP class PasswordGenerator serves as a password generator to create memorable passwords like the keychain of macOS ≤ 10.14 did.
GS1 parser and generator for PHP
Laravel middleware to restrict a site or specific routes using HTTP basic authentication
High-level cryptographic primitives and security utilities for Maatify systems including password hashing, reversible encryption, HKDF key derivation, and key rotation.
A library for reading KeePass 2.x databases
统计信息
- 总下载量: 30.54k
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 6
- 点击次数: 9
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2013-10-02