Posts 21-30
Symfony 6 and JWT bundles: Refresh token
Summary Are you interested in JSON Web Token (JWT) authentication and authorization in PHP or Symfony, one of its frameworks? ...
Symfony 6 and Lexik JWT Bundle 2: Auth with JSON Web Token
Summary JWT, JSON Web Token, is one of the open Internet protocol standards, described as “a compact, URL-safe means of representing claims to be transferred between two parties” in RFC 7519. ...
Symfony 6 and EasyAdmin 4: Hashing password
Summary With the EasyAdmin bundle, you can create an admin panel easily. As for the User entity, given that it has a password field, you will want to hash it before it is stored, for security. ...
Symfony 6 and EasyAdmin 4: Admin Panel for User Management System
Summary EasyAdmin enables you to easily create an admin panel bound to storage such as an RDBMS. It is one of the bundles of Symfony, a powerful and flexible PHP framework, and it also requires Doctrine ORM entities. ...
Symfony 6 User Authentication
Summary Symfony is one of the PHP web frameworks. It is my favorite one, because it is clearly classified, functional and robust. ...
EasyAdmin 4 for admin panel based on PHP 8.0 and Symfony 6.0: Install and create a sample
Summary EasyAdmin enables you to easily create an admin panel bound to storage such as an RDBMS. It is one of the bundles of Symfony, a powerful and flexible PHP framework, and it also requires Doctrine ORM entities. ...
A new RCE vulnerability on Log4j 2.17.0 (CVE-2021-4483)
Log4j 2.17.1 was released because a new RCE (Remote Code Execution) vulnerability had been found in 2.17.0 (CVE-2021-4483). According to The Apache Software Foundation, CVSS is 6. ...
Log4j 2: New vulnerability on DoS in 2.16.0 and below
Log4j 2.17.0 was released for security reasons. It fixes a DoS vulnerability in 2.16.0 and below on v2. As to the new DoS (denial-of-service) vulnerability, it’s safe with a default Pattern Layout where a Context Lookup such as $${ctx:loginId} is NOT used in the logging configuration. ...
New Log4j vulnerability was found in 2.15.0 which is less dangerous
A new Log4j vulnerability was also found and reported in 2.15.0, as CVE-2021-45046. It was fixed in the next 2. ...
About Apache Log4j RCE vulnerability (CVE-2021-44228)
Summary Caused by Apache Log4j’s JNDI (“Java Naming and Directory Interface”) features. How severe is it? The CVSS score is 10, the maximum, which means the highest risk. ...