Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commitbf5f901

Browse files
committed
-
1 parent7518fea commitbf5f901

File tree

2 files changed

+7
-6
lines changed

2 files changed

+7
-6
lines changed

‎security.rst‎

Lines changed: 0 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -343,11 +343,6 @@ can also create your own :ref:`custom user provider <security-custom-user-provid
343343
it using the:class:`Symfony\\Component\\Security\\Core\\User\\UserProviderInterface`
344344
type-hint.
345345

346-
..note::
347-
348-
The maximum length allowed for the user identifier is 4096 characters to
349-
prevent `session storage flooding`_ attacks.
350-
351346
.. _security-encoding-user-password:
352347

353348
Registering the User: Hashing Passwords
@@ -2661,4 +2656,3 @@ Authorization (Denying Access)
26612656
.. _`SymfonyCastsVerifyEmailBundle`:https://github.com/symfonycasts/verify-email-bundle
26622657
.. _`HTTP Basic authentication`:https://en.wikipedia.org/wiki/Basic_access_authentication
26632658
.. _`Login CSRF attacks`:https://en.wikipedia.org/wiki/Cross-site_request_forgery#Forging_login_requests
2664-
.. _`session storage flooding`:https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session

‎security/custom_authenticator.rst‎

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -205,6 +205,11 @@ using :ref:`the user provider <security-user-providers>`::
205205
// ...
206206
$passport = new Passport(new UserBadge($email), $credentials);
207207

208+
..note::
209+
210+
The maximum length allowed for the user identifier is 4096 characters to
211+
prevent `session storage flooding`_ attacks.
212+
208213
..note::
209214

210215
You can optionally pass a user loader as second argument to the
@@ -373,3 +378,5 @@ authenticator methods (e.g. ``createToken()``)::
373378
return new CustomOauthToken($passport->getUser(), $passport->getAttribute('scope'));
374379
}
375380
}
381+
382+
.. _`session storage flooding`:https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp