News Feed
Jobs Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Symfony Blog:
Symfony2 Security Audit
October 07, 2011 @ 09:04:19

Fabien Potencier (of the Symfony framework project) has posted the results of a security audit that was performed on the framework by SektionEins.

The Symfony2 core team takes security issues very seriously; we have a dedicated procedure to report such issues, and the framework itself tries to give the developer all the features needed to secure his code easily. Thanks to our successful community donation drive, SektionEins performed a security audit on the Symfony2 code earlier this year. The audit is now over and the good news is that the Symfony2 code is pretty solid; only minor problems have been found. They have all been addressed now

Their findings included things like the Request component trusting certain headers, bad regex validation on datetimes, password encoding issues, cookie handling and exception handling issues. Links to the fixes for each are included in the post.

0 comments voice your opinion now!
symfony2 security audit sektioneins framework fix


blog comments powered by Disqus

Similar Posts

PHPMaster.com: Google App Engine and a Plea for Phalcon

Wojciech Sznapka's Blog: Always use most latest versions for benchmarks

StackOverflow.com: The Definitive Guide To Forms based Website Authentication

CodeSnipers.com: Stupidly Easy MVC in PHP or \"We don\'t need no stinking framework!\" (Part 2)

Laura Thomson's Blog: Do all frameworks really suck?


Community Events











Don't see your event here?
Let us know!


unittest database series hack package security introduction release composer application opinion symfony2 component framework language podcast hhvm install performance facebook

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework