This repository has been archived on 2023-08-20. You can view files and clone it, but cannot push or open issues or pull requests.
Fabien Potencier ea5c7f1275 merged branch lmcd/mask-passwords (PR #6482)
This PR was submitted for the master branch but it was merged into the 2.2 branch instead (closes #6482).

Commits
-------

f3e227a Mask PHP_AUTH_PW header in profiler

Discussion
----------

Mask PHP_AUTH_PW header in profiler

---------------------------------------------------------------------------

by fabpot at 2012-12-27T17:39:26Z

Not sure about this one. Having public access to the web profiler in the production environment is really bad anyway. There is a ton of information that could help an attacker. So, just hiding this specific bit of information won't make it better.

---------------------------------------------------------------------------

by lmcd at 2012-12-27T18:04:45Z

A few scenarios are suggested here where a developer might want the profiler switched on in production: http://symfony.com/doc/current/book/internals.html

I'm talking specifically about someone gaining malicious access to the filesystem. Ripping database tables is somewhat ineffective at stealing user credentials, considering passwords are usually securely hashed nowadays. But the profiler database would have usernames/passwords just sitting there in plaintext.

I know there is lots of information there to aid an attacker, but so is there in most databases (IP addresses, user agents, names, email addresses etc.) - but passwords are widely accepted as the *one* thing that should *never* just be stored in plaintext.
2013-02-28 15:46:40 +01:00
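
The masking this commit is about, as an added example (not Symfony's code and not the contents of commit f3e227a): server parameters are scrubbed before they are serialized into any debug or profiler store. It goes beyond `PHP_AUTH_PW` by also masking Authorization values, which on some server setups carry the same Basic-auth password base64-encoded; the function and constant names are hypothetical and the sample request is constructed.

```php
<?php
// Added illustration, not Symfony's implementation. All names here are hypothetical.

const MASK = '******';

// $_SERVER keys that can carry HTTP Basic credentials, depending on the SAPI
// and web-server configuration.
const CREDENTIAL_KEYS = ['PHP_AUTH_PW', 'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION'];

/**
 * Return a copy of the server parameters that is safe to persist.
 * The password and raw Authorization values are masked; everything else
 * (including PHP_AUTH_USER) is kept because it is useful when debugging.
 */
function maskServerParams(array $server): array
{
    foreach (CREDENTIAL_KEYS as $key) {
        if (!array_key_exists($key, $server)) {
            continue;
        }
        if ($key === 'PHP_AUTH_PW') {
            $server[$key] = MASK;
            continue;
        }
        // "Basic dXNlcjpwdw==" -> "Basic ******"; a value without a scheme is masked whole.
        $parts = explode(' ', (string) $server[$key], 2);
        $server[$key] = count($parts) === 2 ? $parts[0] . ' ' . MASK : MASK;
    }

    return $server;
}

// Constructed sample of what a data collector would see for a Basic-auth request.
$password = 's3cret-constructed';
$server = [
    'REQUEST_URI'        => '/admin',
    'PHP_AUTH_USER'      => 'alice',
    'PHP_AUTH_PW'        => $password,
    'HTTP_AUTHORIZATION' => 'Basic ' . base64_encode('alice:' . $password),
];

// This string stands in for what would be written to the profiler storage.
$stored = serialize(maskServerParams($server));

// Neither the plaintext nor its base64 form may survive into the stored blob.
foreach ([$password, base64_encode('alice:' . $password)] as $needle) {
    if (strpos($stored, $needle) !== false) {
        throw new RuntimeException('credential leaked into stored profile');
    }
}
echo $stored, PHP_EOL;
```

Masking at collection time matters because the stored profile is what an attacker with filesystem access would read; masking only in the rendered panel would leave the plaintext on disk.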
src/Symfony Mask PHP_AUTH_PW header in profiler 2013-02-28 15:46:39 +01:00
.editorconfig Add EditorConfig File 2012-06-16 14:08:15 +02:00
.gitignore ignore composer.phar 2012-04-20 14:10:06 +01:00
.travis.yml Merge branch '2.1' 2013-01-05 16:33:05 +01:00
autoload.php.dist [travis-ci] Zend Garbage Collection only for PHP5.4 2012-11-19 15:21:43 +01:00
CHANGELOG-2.0.md typo 2013-02-04 10:48:57 +01:00
CHANGELOG-2.1.md updated CHANGELOG for 2.1.7 2013-01-17 17:21:31 +01:00
CHANGELOG-2.2.md updated CHANGELOG for 2.2.0-RC3 2013-02-24 13:06:42 +01:00
composer.json Defined stable version point of Doctrine. 2013-02-22 13:53:49 -05:00
CONTRIBUTING.md Making it easier to grab the PR template. 2012-12-15 21:57:27 +00:00
CONTRIBUTORS.md update CONTRIBUTORS for 2.0.22 2013-01-17 16:40:10 +01:00
LICENSE updated license year 2013-01-04 17:59:43 +01:00
phpunit.xml.dist [Locale] fixed tests 2012-12-05 14:13:56 +01:00
README.md Fix typos in README 2013-01-19 11:32:41 +01:00
UPGRADE-2.1.md Merge branch '2.1' 2012-11-29 11:32:45 +01:00
UPGRADE-2.2.md [Security] renamed Constraint namespace to Constraints for validator classes in order to be consistent with the whole current validator API. 2013-02-04 13:20:14 +01:00
UPGRADE-3.0.md added Universal* classes in the list of deprecated classes for 3.0 2013-02-08 17:10:00 +01:00

README

What is Symfony2?

Symfony2 is a PHP 5.3 full-stack web framework. It is written with speed and flexibility in mind. It allows developers to build better and easier-to-maintain websites with PHP.

Symfony can be used to develop all kinds of websites, from your personal blog to high-traffic ones like Dailymotion or Yahoo! Answers.

Requirements

Symfony2 is only supported on PHP 5.3.3 and up.

Be warned that PHP versions before 5.3.8 are known to be buggy and might not work for you:

Installation

The best way to install Symfony2 is to download the Symfony Standard Edition available at http://symfony.com/download.

Documentation

The "Quick Tour" tutorial gives you a first feeling of the framework. If, like us, you think that Symfony2 can help speed up your development and take the quality of your work to the next level, read the official Symfony2 documentation.

Contributing

Symfony2 is an open source, community-driven project. If you'd like to contribute, please read the Contributing Code part of the documentation. If you're submitting a pull request, please follow the guidelines in the Submitting a Patch section and use the Pull Request Template.

Running Symfony2 Tests

Information on how to run the Symfony2 test suite can be found in the Running Symfony2 Tests section.