1

I know that I can use this encoder:

$encoder = $this->container->get('security.password_encoder');
$encoded = $encoder->encodePassword($user, $plainPassword);

But when should I use it? I can encode the password before calling the setPassword() method. Or I can encode the password in the setPassword() method. Or maybe I should create a custom Doctrine data type which will encode the password before saving it to the database? Or something else? Which variant is better?

2 Answers

3

If you don't use any bundle for users (like FOSUserBundle), I would suggest taking advantage of Doctrine's events preInsert and preUpdate.

That way you can centralize your code and be sure that every time a user is "written" into db, your operation will be performed.

Please pay attention

If $plainPassword doesn't have a value in preUpdate, maybe you should perform some actions and, more generally, I bet you need to implement some logic to avoid encoding a password that's already encoded.


0

The practice is to store passwords in DB in encrypted form. Then during login get the password from the user, encrypt it again, read the encrypted password from the DB, compare the two; pass/fail depending on match/mismatch.

2 Comments

I do believe that you should NOT encrypt your passwords because it's a reversible operation. You must hash it; then it will not be reversible.
Yes, I stand corrected. The flow I described above was for one way hash, but I used the word encryption.
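
The two points raised in the answers above (hash in one central pre-save step without re-encoding an existing hash, and check the login against the stored one-way hash), as an added example that is not code from the question or either answer. It uses PHP's built-in password_hash() functions instead of the Symfony encoder service, and the User class and the functions hashPendingPassword(), looksHashed() and checkLogin() are hypothetical names.

```php
<?php
declare(strict_types=1);

// Hypothetical entity: only $password would be a mapped (persisted) column.
final class User
{
    public ?string $plainPassword = null; // transient, never written to the DB
    public ?string $password = null;      // stored one-way hash
}

// Body of a hypothetical pre-save hook, e.g. called from a Doctrine listener.
// Hashing only from the transient field means an existing hash is never re-hashed.
function hashPendingPassword(User $user): bool
{
    if ($user->plainPassword === null || $user->plainPassword === '') {
        return false; // no new password supplied: leave the stored hash alone
    }
    $user->password = password_hash($user->plainPassword, PASSWORD_DEFAULT);
    $user->plainPassword = null; // drop the clear text as soon as it is hashed
    return true;
}

// Secondary guard for code paths that might be handed an existing hash.
// The transient field above remains the primary protection.
function looksHashed(string $value): bool
{
    return password_get_info($value)['algoName'] !== 'unknown';
}

function checkLogin(User $user, string $submitted): bool
{
    // Each password_hash() call uses a fresh salt, so hashing the submitted
    // password again and comparing strings cannot match. password_verify()
    // re-derives the hash with the salt embedded in the stored value.
    return $user->password !== null
        && password_verify($submitted, $user->password);
}

// Constructed sample data.
$user = new User();
$user->plainPassword = 'correct horse battery staple';

var_dump(hashPendingPassword($user));  // first save: hashes the password
$stored = $user->password;
var_dump(hashPendingPassword($user));  // second save: nothing to hash
var_dump($stored === $user->password); // stored hash was not re-encoded
var_dump(looksHashed($stored), looksHashed('hunter2'));
var_dump(checkLogin($user, 'correct horse battery staple'));
var_dump(checkLogin($user, 'wrong guess'));
```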
