addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-checkcircle-with-crosscircle-with-pluscontroller-playcrossdots-three-verticaleditemptyheartexporteye-with-lineeyefacebookfolderfullheartglobe--smallglobegmailgooglegroupshelp-with-circleimageimagesinstagramFill 1launch-new-window--smalllight-bulblinklocation-pinm-swarmSearchmailmessagesminusmoremuplabelShape 3 + Rectangle 1ShapeoutlookpersonJoin Group on CardStartprice-ribbonprintShapeShapeShapeShapeImported LayersImported LayersImported Layersshieldstartickettrashtriangle-downtriangle-uptwitteruserwarningyahoo

Symfony User Group - NL Message Board › Authentication Guard Bundle (open source project)

Authentication Guard Bundle (open source project)

user 74209472
Groningen, NL
Post #: 1
Hi Symfonians,

I am new to this meetup group and would like to share my open souce project with you:

The OWASP Guide states "Applications MUST protect credentials from common authentication attacks (..)". Symfony 2 has a firewall and a series of authentication components, but i could not find any that protects against brute force and dictionary attacks. The CCDNUserSecurityBundle registers failed attempts, but it only blocks per ip address. I could not find a duscussion of the assumptions and requirements it was based on.

AuthenticationGuardBundle also blocks per user name. But there are more OWASP requirements with respect to authentication. I would like to ask your opinion about their importance and about the other topics on the bundles wiki on Gitgub. Other ideas and help are welcome too, of course.

Greetings, Henk Verhoeven.

This project was previously discussed on GroningenPHP­, which resulted in new ideas and comments on the wiki and changes in requirements and their priorities. I strive for an agile development style with early input from potential stakeholders. The software therefore is a work in progress and certaily not ready for production)
Powered by mvnForum

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy