Security provides an infrastructure for sophisticated authorization systems, which makes it possible to easily separate the actual authorization logic from so-called user providers that hold the users' credentials. It is inspired by the Java Spring framework.

Overview
You might also like...
A database of PHP security advisories

PHP Security Advisories Database The PHP Security Advisories Database references known security vulnerabilities in various PHP projects and libraries.

A php.ini scanner for best security practices

Scanner for PHP.ini The Iniscan is a tool designed to scan the given php.ini file for common security practices and report back results. Currently it

PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application

PHPIDS PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web ap

FunboxEasy - Proving Grounds - Offensive Security

Php Security Class

Security Advanced Security Class for Php Features Secure From XSS, CSRF, SQL Injection, BASE64, RFI, LFI, Command Injection, Block Suspicious Request

Windows and macOS Hardening Interface to make security more accessible.

Welcome to the Hardening Interface Introduction To use HardeningKitty service more easily, we have created an interface which permits better understan

PHP frontend for security.symfony.com

SensioLabs Security Checker WARNING: Don't use this piece of software anymore as the underlying web service will stop working at the end of January 20

Security advisories as a simple composer exclusion list, updated daily

Roave Security Advisories This package ensures that your application doesn't have installed dependencies with known security vulnerabilities. Installa

Security Component - Guard

The Guard component brings many layers of authentication together, making it much easier to create complex authentication systems where you have total control.

Comments
  • Update TraceableAccessDecisionManager.php

    Removed the "if" statement that verifies if the ADM is an instance of AccessDecisionManager.

    This control breaks the profiler when it is trying to browse the "Security" tab while a custom ADM was developed. The reason is that the "if" statement prevents SecurityDataCollector.php from retrieving the strategy and the list of voters.

    Based on my tests this modification doesn't affect the regular functionality of security-core.

    opened by sarbanha 1
  • Support Uuid/Ulid as userIdentifier in hasUserChanged()

    Uuid/Ulid are supported as Doctrine types since Symfony 5.2, but when a User Entity uses them as its identifier, the strict comparison of the identifier in AbstractToken::hasUserChanged() fails unless the User Entity implements EquatableInterface and does the whole comparison itself. In effect, the user is always assumed to have changed and is logged out.

    This change implements a check whether the getUserIdentifier() method of the User Entity returns an object with an equals method and uses that for the comparison instead of the strict !== operator, which is always true for two different Uuid/Ulid objects, even if they contain the same uid.

    opened by spackmat 1
  • Adding missing translations in Core [en]

    Issue: https://github.com/symfony/symfony/issues/25300

    This is for "en" only so not a biggie at all, all other languages still need to be done.

    opened by ThePeterMick 1
Releases(v6.1.9)
  • v6.1.9(Dec 28, 2022)

  • v6.0.17(Dec 28, 2022)

  • v6.2.2(Dec 16, 2022)

    Changelog (https://github.com/symfony/security-core/compare/v6.2.1...v6.2.2)

    • bug #48554 Fix invalid deprecation messages in Security constants (IonBazan)
  • v6.2.0(Nov 30, 2022)

  • v6.2.0-RC1(Nov 25, 2022)

  • v6.2.0-BETA3(Nov 19, 2022)

  • v6.1.7(Oct 28, 2022)

    Changelog (https://github.com/symfony/security-core/compare/v6.1.6...v6.1.7)

    • bug #47955 Add missing args to trigger_deprecation (alamirault)
  • v6.0.15(Oct 28, 2022)

    Changelog (https://github.com/symfony/security-core/compare/v6.0.14...v6.0.15)

    • bug #47955 Add missing args to trigger_deprecation (alamirault)
  • v5.4.15(Oct 28, 2022)

    Changelog (https://github.com/symfony/security-core/compare/v5.4.14...v5.4.15)

    • bug #47955 Add missing args to trigger_deprecation (alamirault)
  • v4.4.48(Oct 28, 2022)

  • v6.2.0-BETA1(Oct 24, 2022)

    Changelog (https://github.com/symfony/security-core/compare/v6.1.6...v6.2.0-BETA1)

    • feature #47817 TraceableAccessDecisionManager: fix inspecting voters of custom access decision managers (sarbanha)
    • feature #46064 Add a ChainUserChecker to allow calling multiple user checkers for a firewall (mbabker)
    • feature #38996 Remove the default values from setters with a nullable parameter (derrabus, nicolas-grekas)
    • feature #46183 Hide sensitive information with SensitiveParameter attribute (GromNaN)
    • feature #46094 Move the Security helper to SecurityBundle (chalasr)
  • v6.1.6(Oct 12, 2022)

  • v6.0.14(Oct 12, 2022)

  • v5.4.14(Oct 12, 2022)

  • v4.4.47(Oct 12, 2022)

  • v6.1.5(Sep 30, 2022)

  • v6.0.13(Sep 30, 2022)

  • v5.4.13(Sep 30, 2022)

  • v4.4.46(Sep 30, 2022)

  • v6.1.4(Aug 26, 2022)

  • v6.0.12(Aug 26, 2022)

    Changelog (https://github.com/symfony/security-core/compare/v6.0.11...v6.0.12)

    • bug #47335 getUserIdentifier() must return a string (mpiot)
  • v6.1.3(Jul 29, 2022)

  • v6.0.11(Jul 29, 2022)

  • v5.4.11(Jul 29, 2022)

  • v4.4.44(Jul 29, 2022)

  • v6.1.2(Jun 26, 2022)

  • v5.4.10(Jun 26, 2022)

  • v6.1.0(May 27, 2022)

  • v6.1.0-RC1(May 14, 2022)

  • v6.0.8(Apr 27, 2022)

The Security component provides a complete security system for your web application.

Security Component The Security component provides a complete security system for your web application. It ships with facilities for authenticating us

Symfony 1.2k Jan 1, 2023
A multitool library offering access to recommended security related libraries, standardised implementations of security defences, and secure implementations of commonly performed tasks.

SecurityMultiTool A multitool library offering access to recommended security related libraries, standardised implementations of security defences, an

Pádraic Brady 131 Oct 30, 2022
Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campbell/security-core

Laravel Security Laravel Security was created by, and is maintained by Graham Campbell, and is a voku/anti-xss wrapper for Laravel, using graham-campb

Graham Campbell 170 Nov 20, 2022
phpcs-security-audit is a set of PHP_CodeSniffer rules that finds vulnerabilities and weaknesses related to security in PHP code

Floe design + technologies 654 Dec 28, 2022
JObfuscator — Java Source Code Obfuscation & Protection

JObfuscator is a source code obfuscator for the Java programming language. It can protect your Java source code and algorithms from hacking, cracking, reverse engineering, decompilation, and technology theft.

Bartosz Wójcik 8 Nov 6, 2022
Github Action which checks Security issues scanning package manager files

security-checker-action This action checks your composer.lock for known vulnerabilities in your package dependencies. Inputs lock optional The path to

Druid 0 May 5, 2022
Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSRF tokens.

Security Component - CSRF The Security CSRF (cross-site request forgery) component provides a class CsrfTokenManager for generating and validating CSR

Symfony 1.5k Jan 3, 2023
WordPress plugin that provides instant switching between user accounts.

User Switching Stable tag: 1.5.7 Requires at least: 3.7 Tested up to: 5.7 Requires PHP: 5.3 License: GPL v2 or later Tags: users, profiles, user switc

John Blackbourn 166 Dec 4, 2022
A PHP wrapper around the OpenSSL extension that provides a user-friendly interface for dealing with OpenSSL.

php-openssl-proxy About A PHP wrapper around the OpenSSL extension that provides a user-friendly interface for dealing with OpenSSL. What's up with th

Adão Pedro 4 Mar 5, 2022