Download the PHP package markup/fallback-password-encoder-bundle without Composer
On this page you can find all versions of the php package markup/fallback-password-encoder-bundle. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package fallback-password-encoder-bundle
MarkupFallbackPasswordEncoderBundle
About
This Symfony2 bundle offers a strategy to use for password encoding for use with the friendsofsymfony/user-bundle package (FOSUserBundle). It requires version >=2.3.6 of the Symfony Security component.
The use case would be when there is legacy user data with passwords that are hashed using an algorithm that is easy to break, such as MD5. You'd like to use bcrypt, but this means getting all users to reset their passwords. This bundle allows you to declare a stack of encoders, so that you can run a primary algorithm and a set of fallback algorithms at the same time. A user with a password hashed using the legacy algorithm will have the stored hash transparently updated to the new, more secure hash the next time they sign in.
Current limitation: bundle does not currently work with Symfony framework encoders, as these are not declared as services.
Disclaimer
The existence of this software should by no means be construed as condoning the strategy itself. It is far preferable to have all passwords in your system using the same, secure algorithm. However, you may judge that this strategy is the most pragmatic for your situation - typically when you do not wish to enforce password resetting on your user base.
Installation
Add MarkupFallbackPasswordEncoderBundle to your composer.json:
Add MarkupFallbackPasswordEncoderBundle to your AppKernel.php:
Finally, install the bundle using Composer:
Usage
Configuration example:
A service ID is declared as the primary encoder - this is the canonical encoder that passwords should be hashed with. You then define a stack of fallback encoders that are used to check passwords using legacy algorithms. Manipulators also need to be registered if you are not making use of the fos_user.util.user_manipulator service provided by FOSUserBundle. (This service will still be used as a fallback for users of a class that does not appear in the keys of this manipulators list.)
In your security.yml file, you would then specify the fallback encoder as markup_fallback_password_encoder:
License
Released under the MIT License. See LICENSE.
