Comments on: Implementing email login with sfGuardPlugin http://bluehorn.co.nz/2009/04/29/implementing-email-login-with-sfguardplugin/ New Zealand Web Design & Development (PHP 5, MySQL, Symfony Framework, Apache, Linux) Fri, 09 Dec 2011 18:27:36 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Laurent http://bluehorn.co.nz/2009/04/29/implementing-email-login-with-sfguardplugin/comment-page-1/#comment-8774 Laurent Sun, 04 Sep 2011 05:35:16 +0000 http://bluehorn.co.nz/?p=195#comment-8774 Thank you very much for this great article ! Thank you very much for this great article !

]]> By: Sid http://bluehorn.co.nz/2009/04/29/implementing-email-login-with-sfguardplugin/comment-page-1/#comment-246 Sid Fri, 12 Jun 2009 01:07:38 +0000 http://bluehorn.co.nz/?p=195#comment-246 I'm about to write one for Symfony 1.2 and Propel (sorry Doctrine, will be a wee while till I switch) It turned out that implementing this in 1.2 is very different than 1.0. Stay tuned. I’m about to write one for Symfony 1.2 and Propel (sorry Doctrine, will be a wee while till I switch)

It turned out that implementing this in 1.2 is very different than 1.0. Stay tuned.

]]> By: Matthew http://bluehorn.co.nz/2009/04/29/implementing-email-login-with-sfguardplugin/comment-page-1/#comment-245 Matthew Thu, 11 Jun 2009 23:16:14 +0000 http://bluehorn.co.nz/?p=195#comment-245 <a href="#comment-112" rel="nofollow">@Justin Davis</a> <a href="#comment-214" rel="nofollow">@Sid</a> Any updates on this? @Justin Davis
@Sid

Any updates on this?

]]> By: Sid http://bluehorn.co.nz/2009/04/29/implementing-email-login-with-sfguardplugin/comment-page-1/#comment-214 Sid Wed, 03 Jun 2009 23:20:30 +0000 http://bluehorn.co.nz/?p=195#comment-214 Hi, I have not done this method with Doctrine. But I'm working on an article for Symfony 1.2 and Propel. Hi, I have not done this method with Doctrine. But I’m working on an article for Symfony 1.2 and Propel.

]]> By: Justin Davis http://bluehorn.co.nz/2009/04/29/implementing-email-login-with-sfguardplugin/comment-page-1/#comment-112 Justin Davis Tue, 05 May 2009 18:42:20 +0000 http://bluehorn.co.nz/?p=195#comment-112 Thanks for this! I'm working on implementing it (with Symfony 1.2/Doctrine) and am just having problems overriding the standard sfGuardAuth config. I put the signin.yml file in the directory you specified, but it appears that it's still attempting to validate against username, instead of email. Thoughts? Thanks for this! I’m working on implementing it (with Symfony 1.2/Doctrine) and am just having problems overriding the standard sfGuardAuth config. I put the signin.yml file in the directory you specified, but it appears that it’s still attempting to validate against username, instead of email.

Thoughts?

]]> By: jerome http://bluehorn.co.nz/2009/04/29/implementing-email-login-with-sfguardplugin/comment-page-1/#comment-76 jerome Wed, 29 Apr 2009 21:56:05 +0000 http://bluehorn.co.nz/?p=195#comment-76 Ok, you made the point ;-) The word "secure" was not correct, sorry. What I wanted to say is : what is your randomly generate username (10 characters of first name, 3 characters of last name, and a 3-digits random number) was already used by someone else? Hum, I didn't see that you try another random. Damn, sorry, I was wrong all the lines :-) Ok, you made the point ;-)

The word “secure” was not correct, sorry. What I wanted to say is : what is your randomly generate username (10 characters of first name, 3 characters of last name, and a 3-digits random number) was already used by someone else?

Hum, I didn’t see that you try another random. Damn, sorry, I was wrong all the lines :-)

]]> By: Sid http://bluehorn.co.nz/2009/04/29/implementing-email-login-with-sfguardplugin/comment-page-1/#comment-75 Sid Wed, 29 Apr 2009 21:31:31 +0000 http://bluehorn.co.nz/?p=195#comment-75 <a href="#comment-72" rel="nofollow">@jeromev</a> I'm not aware of any 'security' problem with randomly generated username. Storing email in username field is a potential security and privacy issue. This is because username and email are two columns of different purposes. Username tend to be displayed publicly, while email should never be displayed publicly. If you store email in username field, you have to be really careful when using other plugins that depend on sfGuardPlugin, because chances are, they'd display the email stored in username field publicly. It is also not 'natural' to code things like: $this->sendEmailTo($user->getUsername()); Try to use sfGuardPlugin and sfSimpleForum, and store email in username field, and you'll understand what I mean. @jeromev

I’m not aware of any ‘security’ problem with randomly generated username.

Storing email in username field is a potential security and privacy issue. This is because username and email are two columns of different purposes.

Username tend to be displayed publicly, while email should never be displayed publicly. If you store email in username field, you have to be really careful when using other plugins that depend on sfGuardPlugin, because chances are, they’d display the email stored in username field publicly.

It is also not ‘natural’ to code things like: $this->sendEmailTo($user->getUsername());

Try to use sfGuardPlugin and sfSimpleForum, and store email in username field, and you’ll understand what I mean.

]]> By: jeromev http://bluehorn.co.nz/2009/04/29/implementing-email-login-with-sfguardplugin/comment-page-1/#comment-72 jeromev Wed, 29 Apr 2009 13:43:27 +0000 http://bluehorn.co.nz/?p=195#comment-72 Hello! Thanks for this howto. But, why not store the email in the username field? I think that's more "secure" than using a random string. Hello!

Thanks for this howto.

But, why not store the email in the username field? I think that’s more “secure” than using a random string.

]]>