Security: handling user access with Symfony the right way

Diana Ungaro Arnos (07.Dec.2018 at 09:50)
Talk at SymfonyCon Lisbon 2018 (English - US)

Rating: 2 of 5

We often overlook a central security requirement that any application needs to meet: controlling users' access to data and functionality. Usually, we handle user access through the combination of 3 security mechanisms: authentication, session management and access control. We will take a look at the powerful tools of Symfony's Security component and see how to use them to handle user access the right way.


Rating: 3 of 5

07.Dec.2018 at 10:26 by Tom Adam (9 comments) via Web2 LIVE

I found this talk a little hard to follow. It would have been clearer for me if more focus had been given to the elements of the system: UserProvider, Authenticator and Authorisation. It could have also been good to see some simple examples. The point was made that you should not use the built-in providers or authenticators but not why this is the case. Building authentication systems securely is tricky, and the built-in classes certainly have their place, in my opinion.

Rating: 5 of 5

07.Dec.2018 at 10:29 by David Buchmann (134 comments) via Web2 LIVE

A good introduction to the security component. I loved the humor.

07.Dec.2018 at 10:30 by David Buchmann (134 comments) via Web2 LIVE

Oh, also: do not apologize for your English, it's very good ;-)

Rating: 4 of 5

07.Dec.2018 at 10:33 by José De Araujo (19 comments) via Web2 LIVE

I guess it could have been better if we were not lost in too many details sometimes. Nevertheless I enjoyed the talk :-), thanks for sharing your enthusiasm for this component.

Rating: 2 of 5

07.Dec.2018 at 10:46 by Antonio Peric (42 comments) via Web2 LIVE

Basic things about security in Symfony, nothing new and nothing that you cannot find in the documentation. I expected more in-depth things.

Rating: 1 of 5

07.Dec.2018 at 11:24 by sprain (8 comments) via Web2 LIVE

Too basic (it was the advanced track after all). And yes, even though the speaker wanted to play it down, I was offended by the language and don't think swearing is ever appropriate on stage of a conference. It doesn't add any value and is disrespectful towards the audience.

Rating: 3 of 5

07.Dec.2018 at 14:26 by David Badura (9 comments) via Web2 LIVE

Your talk was nice, but too basic for the advanced track. And your English was really good!

Rating: 2 of 5

07.Dec.2018 at 17:36 by Bart van Raaij (11 comments) via Web2 LIVE

This was basically just a presentation of what’s written in the Symfony Docs, and absolutely not an advanced talk.

Rating: 1 of 5

07.Dec.2018 at 18:40 by Tom (1 comments) via Web2 LIVE

Although I was not offended by swearing (I swear myself a lot), it is disrespectful to your audience, especially when you call them shit developers for something that the speaker herself did with the talk (not going beyond the docs). That is not the way to build up charisma. I'm surprised that it was not against the code of conduct.

The talk definitely should not have been part of the advanced track.

Rating: 3 of 5

07.Dec.2018 at 19:22 by Bruno Paz (14 comments) via Web2 LIVE

This talk was a gentle introduction to the Symfony security component. Too basic for the advanced track. I would expect, for example, voters to be at least mentioned.

Rating: 1 of 5

07.Dec.2018 at 22:39 by Pedro Ribeiro (5 comments) via Web2 LIVE

Besides what she presented being very basic for an advanced track, the posture of the lady speaker was awful. She acted like she was a boss in Symfony and in programming, tech lead and bla bla bla. Insulted the rookies and everyone who doesn't know the basics, but, in sum, she was so boring and so shitty saying f words. I'm just using her language now, F off you lady. Zero.

Rating: 1 of 5

07.Dec.2018 at 22:54 by Tiago Brito (19 comments) via Web2 LIVE

Too basic for the advanced track.
I didn't feel offended by the swearing but didn't understand the point...

Rating: 1 of 5

08.Dec.2018 at 10:00 by Yannick (24 comments) via Web2 LIVE

Not really suited for the advanced track. Was pretty much the security docs in a different format, which doesn't really seem something to present in the advanced track. And while I can understand that it can be stressful to be on such a big stage, the profanity was very out of place.

What I expected was a more in-depth presentation. Maybe explain something about the voter strategies or how to write guard authenticators, or even maybe explain why not to use the built-in stuff. In the future the presentation should really take the audience (and/or track) in mind.

Rating: 1 of 5

08.Dec.2018 at 10:01 by Johan Vervloet (49 comments) via Web2 LIVE

I would have preferred to see a more concrete example in which you use the security mechanisms for some particular user access handling, e.g. OAuth.

Rating: 1 of 5

09.Dec.2018 at 09:52 by Ewald Vanderveken (6 comments) via Web2 LIVE

Very basic, nothing you can't find in the docs.

Rating: 3 of 5

09.Dec.2018 at 22:48 by Remon van de Kamp (91 comments) via Web2 LIVE

Didn't like the self-deprecation of the speaker, and please go over the indentation of your YAML with a fine comb, some stuff in there is indented incorrectly and won't actually work. Most notably acl is a property of the security component, not of a firewall.

Other than that it was an okay overview of the Security Component. Wouldn't call it advanced though.

Rating: 5 of 5

10.Dec.2018 at 20:56 by Nicolas Grekas (7 comments) via Web2 LIVE

As part of the organization committee, I realize we should have better communicated with the speaker.
Please don't blame Diana for the mistake we made and rate only her talk - not its adequation to the track.
We'll definitely look at our processes to prevent this from happening again. Apologies to Diana for the error.
It was a real pleasure to have her at SymfonyCon.

Rating: 2 of 5

11.Dec.2018 at 13:02 by Flavien Knuchel (10 comments) via Web2 LIVE

We missed some examples, real explanations and reasons why "you shouldn't use basic guards".
Loved the trashy language and attitude, although a bit less could have been more appropriate in this context :) !

Rating: 2 of 5

11.Dec.2018 at 16:43 by Igor Hryshko (5 comments) via Web2 LIVE

Too basic as for advanced track. Also, the language was too rude and not appropriate as for a conference stage.

Rating: 1 of 5

12.Dec.2018 at 10:19 by Artem Rebrov (1 comments) via Web2 LIVE

Awful presentation and very rude and offensive language. Speakers should respect listeners and it's not humor for me when someone calls junior developers "sh*tty".
The presentation itself was very basic and actually copied from Symfony security docs and it was only the introduction part without advanced topics.

Rating: 2 of 5

13.Dec.2018 at 20:15 by Donatas Aleksandravičius (33 comments) via Web2 LIVE

I did not understand how is this an advanced talk and was expecting a bit more than just a basic introduction to the components.
