SymfonyCon Warsaw 2013
10 - 14 Dec 2013 at Westin Hotel

Awesome. Good examples. Well prepared "live" coding session.

To be honest, I found this to be a mixed bag. Some parts of it, particularly the concept slides was quite useful and put good definitions on some concepts in the security component.

I did however find the interactivity part of the session to be unnecessary, particularly as many of the questions had multiple correct answers or depended on specific vendor API knowledge (differences in the OAuth implementation between Google+ and Facebook e.g.). In all, I think a regular talk would have worked better.

I was also a little alarmed that a talk about authentication in the security component skips over some authentication security issues. Most people probably already know that HTTP Basic Authentication is not a secure authentication mechanism unless using SSL, but it's still worth mentioning. However, sending passwords as query parameters is never a good idea because query parameters are usually logged by web servers (on both HTTP and HTTPS) and by proxies (on HTTP).

Oh, and as a side note, the header for HTTP Basic authentication is Authorization, but the ServerBag adds PHP_AUTH_USER and PHP_AUTH_PW, even though they're not actually headers, but rather PHP-specific CGI environment variables. ;)

All in all, the talk has potential, but I find it could use some reworking to fulfill it.

Very good presentation and examples, especially examples. Good work.

Conclusions were really good. Very good talk.

Nice talk. I totally agree with Kris way of writing apps.

Very good explain how to build REST API in the right way with Symfony2.

I missed the arguments where ACE is good to use - it sounded as if you should always implement voters yourself. ACE has it's use-cases, where simple voters are not enough

Sorry, but I found this talk too much "for dummies", and this had nothing to do with "mastering" as the title suggests.

Christmas spirit rocked! ;)