Security: Drupal 8 and Symfony
When working with the Symfony framework to develop a Drupal 8 application, make sure security is taken very seriously. Symfony's website publishes documentation of best practices for developing with the Symfony framework.
- It is advisable to use the bcrypt encoder for hashing your users' passwords instead of the traditional SHA-512 hashing encoder, because the bcrypt algorithm has a salt that is used in hashing the password. This protects against rainbow table attacks and helps slow brute-force search attacks.
- If you are using PHP 7.2+ or have the libsodium extension installed, you should use the Argon2i hashing algorithm, as it is recommended by industry standards.
- Authorization can be enforced by putting the rules in the security.yaml file, by using the @Security annotation, or by calling isGranted on the security.authorization_checker service directly.
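
The password-hashing advice in the first two points, shown with PHP's built-in password API. This is an added example, not code from Symfony or Drupal; the function names and the bcrypt cost of 12 are assumptions, and the sample password and legacy hash are constructed.

```php
<?php
declare(strict_types=1);

// Added example; function names are hypothetical, only PHP built-ins are used.

/** Prefer Argon2i when this PHP build offers it (7.2+ with Argon2 support), else bcrypt. */
function pickAlgorithm()
{
    return defined('PASSWORD_ARGON2I') ? PASSWORD_ARGON2I : PASSWORD_BCRYPT;
}

/** Options for the chosen algorithm; cost 12 is an assumed value, tune it to your hardware. */
function hashOptions(): array
{
    return pickAlgorithm() === PASSWORD_BCRYPT ? ['cost' => 12] : [];
}

function hashPassword(string $plain): string
{
    // bcrypt only reads the first 72 bytes, so reject longer input rather than truncate it.
    if (pickAlgorithm() === PASSWORD_BCRYPT && strlen($plain) > 72) {
        throw new InvalidArgumentException('Password exceeds 72 bytes');
    }
    return password_hash($plain, pickAlgorithm(), hashOptions());
}

/** Check a login; returns [valid, replacement hash or null if the stored one is current]. */
function verifyAndUpgrade(string $plain, string $stored): array
{
    if (!password_verify($plain, $stored)) {
        return [false, null];
    }
    $stale = password_needs_rehash($stored, pickAlgorithm(), hashOptions());
    return [true, $stale ? hashPassword($plain) : null];
}

$password = 'correct horse battery staple'; // constructed sample input

// A bare SHA-512 digest has no salt: equal passwords give equal digests,
// which is what makes precomputed (rainbow table) lookups possible.
var_dump(hash('sha512', $password) === hash('sha512', $password));

// password_hash() draws a fresh salt per call and stores it inside the hash string,
// so the same password hashes differently each time yet still verifies.
$first = hashPassword($password);
var_dump($first === hashPassword($password), password_verify($password, $first));

// A constructed legacy bcrypt hash (cost 10) is accepted and flagged for replacement.
$legacy = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
[$valid, $newHash] = verifyAndUpgrade($password, $legacy);
var_dump($valid, $newHash !== null);
```

When verifyAndUpgrade returns a replacement hash, store it in place of the old one so accounts move to the stronger algorithm as users log in.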