We often overlook a central security requirement that any application needs to meet: controlling users' access to data and functionality. Usually, we handle user access through a combination of 3 security mechanisms: authentication, session management and access control. We will take a look at the powerful tools of Symfony's Security component and see how to use them to handle user access the right way.

Comments


Tom Adam at 10:26 on 7 Dec 2018

I found this talk a little hard to follow. It would have been clearer for me if more focus had been given to the elements of the system: UserProvider, Authenticator and Authorisation. It could have also been good to see some simple examples. The point was made that you should not use the built-in providers or authenticators but not why this is the case. Building authentication systems securely is tricky, and the built-in classes certainly have their place, in my opinion.

David Buchmann at 10:29 on 7 Dec 2018

A good introduction to the security component. I loved the humor.

David Buchmann at 10:30 on 7 Dec 2018

Oh, also: do not apologize for your English, it's very good ;-)

I guess it could have been better if we were not lost in too many details sometimes. Nevertheless I enjoyed the talk :-), thanks for sharing your enthusiasm for this component.

Antonio Peric at 10:46 on 7 Dec 2018

Basic things about security in Symfony, nothing new and nothing that you cannot find in the documentation. I expected more in-depth things.

sprain at 11:24 on 7 Dec 2018

Too basic (it was the advanced track after all). And yes, even though the speaker wanted to play it down, I was offended by the language and don't think swearing is ever appropriate on stage of a conference. It doesn't add any value and is disrespectful towards the audience.

David Badura at 14:26 on 7 Dec 2018

Your talk was nice, but too basic for the advanced track. And your English was really good!

Bart van Raaij at 17:36 on 7 Dec 2018

This was basically just a presentation of what’s written in the Symfony Docs, and absolutely not an advanced talk.

Tom at 18:40 on 7 Dec 2018

Although I was not offended by swearing (I swear myself a lot), it is disrespectful to your audience, especially when you call them shit developers for something that speaker herself did with the talk (not going beyond the docs). That is not the way to build up a charisma. I'm surprised that it was not against the code of conduct.

The talk definitely should not have been part of the advanced track.

Bruno Paz at 19:22 on 7 Dec 2018

This talk was a gentle introduction to the Symfony security component. Too basic for the advanced track. I would expect, for example, voters to be at least mentioned.

Pedro Ribeiro at 22:39 on 7 Dec 2018

Besides what she presented being very basic for an advanced track, the posture of the lady speaker was awful. She acted like she was a boss in Symfony and in programming, tech lead and bla bla bla. Insulted the rookies and everyone who doesn't know the basics, but, in sum, she was so boring and so shitty saying f words. I'm just using her language now, F off you lady. Zero.

Tiago Brito at 22:54 on 7 Dec 2018

Too basic for the advanced tracking.
I didn't feel offended by the swearing but didn't understand the point...

Yannick at 10:00 on 8 Dec 2018

Not really suited for the advanced track. Was pretty much the security docs in a different format, which doesn't really seem something to present in the advanced track. And while I can understand that it can be stressful to be on such a big stage, the profanity was very out of place.

What I expected was a more in-depth presentation. Maybe explain something about the voter strategies or how to write guard authenticators, or even maybe explain why not to use the built-in stuff. In the future the presentation should really take the audience (and/or track) in mind.

Johan Vervloet at 10:01 on 8 Dec 2018

I would have preferred to see a more concrete example in which you use the security mechanisms for some particular user access handling, e.g. OAuth.

Very basic, nothing you can't find in the docs.

Didn't like the self-deprecation of the speaker, and please go over the indentation of your YAML with a fine comb, some stuff in there is indented incorrectly and won't actually work. Most notably acl is a property of the security component, not of a firewall.

Other than that it was an okay overview of the Security Component. Wouldn't call it advanced though.

As part of the organization committee, I realize we should have better communicated with the speaker.
Please don't blame Diana for the mistake we made and rate only her talk - not its adequation to the track.
We'll definitely look at our processes to prevent this from happening again. Apologies to Diana for the error.
It was a real pleasure to have her at SymfonyCon.

We missed some examples, real explanations and reasons why "you shouldn't use basic guards".
Loved the trashy language and attitude, although a bit less could have been more appropriate in this context :) !

Igor Hryshko at 16:43 on 11 Dec 2018

Too basic for the advanced track. Also, the language was too rude and not appropriate for a conference stage.

Artem Rebrov at 10:19 on 12 Dec 2018

Awful presentation and very rude and offensive language. Speakers should respect listeners and it's not humor for me when someone calls junior developers "sh*tty".
The presentation itself was very basic and actually copied from Symfony security docs and it was only the introduction part without advanced topics.

I did not understand how this is an advanced talk and was expecting a bit more than just a basic introduction to the components.