
Symfony Diem: how to secure whole frontend?

How can I secure the whole frontend site, given that the module responsible for login management (dmUser) is part of the frontend, so it cannot be called without login (eternal forwards)? And if I write my custom login module, it's still called via dmFront, i.e. within the "secure zone", and ends up with eternal forwards?

One solution would be making each and every front page secure individually, but it's not possible due to the specifics of this particular project.

I don't know about Diem specifically, but typically you would edit apps/frontend/config/security.yml and set:

default:
  is_secure: true

And then set your actions that need to be insecure (login, forgot password etc.) as is_secure: false. See the documentation, but as an example you could create /apps/frontend/your_module_that_handles_logins/config/security.yml and put:

Login:
  is_secure: false

Forgot_password:
  is_secure: false

And whatever other actions you need to not be secure.
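Once the default is `is_secure: true`, the per-module exemptions are the whole unauthenticated surface, so it is worth listing them. The following is an added example, not code from the answer or from symfony/Diem: it resolves the effective setting per action from the two files shown above. The lookup order, the module-wide `all` key, the case-insensitive key matching, and the module and action names other than those on the page are assumptions.

```python
import re

def parse_security_yml(text):
    """Parse the two-level 'section: / is_secure: true|false' layout used on this page."""
    config, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        m = re.match(r"^(\s*)([\w.-]+):\s*(.*)$", line)
        if not m:
            raise ValueError(f"unsupported line: {raw!r}")
        indent, key, value = m.groups()
        if not indent:                     # top-level key: action name, 'all' or 'default'
            section = config.setdefault(key.lower(), {})
        elif section is None:
            raise ValueError(f"setting outside a section: {raw!r}")
        else:                              # only the literals true/false are handled here
            section[key] = value.lower() == "true"
    return config

def is_secure(app_cfg, module_cfg, action):
    """Assumed lookup order: action entry, module-wide 'all', application 'default'."""
    for scope in (module_cfg.get(action.lower()), module_cfg.get("all"), app_cfg.get("default")):
        if scope and "is_secure" in scope:
            return scope["is_secure"]
    return False                           # nothing configured: report as public so it gets reviewed

def public_actions(app_cfg, modules):
    """modules maps name -> (parsed security.yml, [action names]); returns unauthenticated routes."""
    found = []
    for name, (cfg, actions) in modules.items():
        found += [f"{name}/{a}" for a in actions if not is_secure(app_cfg, cfg, a)]
    return sorted(found)

# Constructed sample input: the two files from the answer plus hypothetical modules/actions.
APP_YML = "default:\n  is_secure: true\n"
LOGIN_YML = "Login:\n  is_secure: false\n\nForgot_password:\n  is_secure: false\n"
APP = parse_security_yml(APP_YML)
MODULES = {
    "your_module_that_handles_logins": (parse_security_yml(LOGIN_YML),
                                        ["login", "forgot_password", "change_password"]),
    "account": ({}, ["index", "edit"]),    # hypothetical module without its own security.yml
}

if __name__ == "__main__":
    for route in public_actions(APP, MODULES):
        print("reachable without login:", route)
```

Comparing this list against the intended set of public pages after each change catches an exemption that is broader than the login and password-reset actions it was meant for.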
