Three Easy Ways to Secure Symfony Applications
In this short video series we are going to take a look at three ways of securing your Symfony application.
Firstly, we will briefly touch on access_control. This is not to be confused with the ACL (Access Control List). We aren't going to dive deep into the access_control section in this series, but simply see how we can use the access_control section inside our security.yml to restrict access from a high-level point of view.
Secondly, we will look at the @Security annotation. This is the best practice / recommended way of securing parts of your application, as of Symfony 2.6. Whilst this method certainly works, it might not offer the fine-grained control you may need in your specific application.
Lastly, we will look at Security Voters. Whilst more advanced than using the @Security annotation, personally I feel that Security Voters give you the most flexibility, and they really aren't that difficult to write or use.
As ever, all of these concepts seem a lot more confusing and scary before you have used them, or seen them in use. Hopefully by the end of this short series, you will have a better understanding of when you could use each of the three options, and feel confident enough to implement each.
I've intentionally kept this course on the short side as the general feedback I have had is that security in Symfony is overwhelming and confusing. Once you are aware of these three options, hopefully it will encourage you to dive in a little deeper, even if only on the parts that interest or concern you.
Let's get started securing our Symfony applications :)