Security (Symfony PHP Framework Drupal 8)

Security: Drupal 8 and Symfony

When using the Symfony framework to develop a Drupal 8 application, make sure security is taken very seriously. Symfony's website publishes documentation of best practices for developing with the Symfony framework; a link can be found here.

  1. It is advisable to use the bcrypt encoder for hashing your users' passwords instead of the traditional SHA-512 hashing encoder, because the bcrypt algorithm uses a salt when hashing the password. This protects against rainbow table attacks and helps slow brute-force search attacks.
  2. If you are using PHP 7.2+ or have the libsodium extension installed, you should use the Argon2i hashing algorithm, as it is recommended by industry standards.
  3. Authorization can be enforced through rules in the security.yaml file, through the @Security annotation, or by calling isGranted on the security.authorization_checker service directly.
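
As an added example (not code from the original page or from the Symfony or Drupal projects), the script below uses PHP's native password_hash API rather than Symfony's encoder service to show the salting behaviour from items 1 and 2, plus an upgrade-on-login check. The function names, the bcrypt cost of 12, the plain SHA-512 digest used for contrast and the sample password are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Prefer Argon2i when this PHP build provides it, otherwise fall back to bcrypt.
function preferredAlgorithm()
{
    return defined('PASSWORD_ARGON2I') ? PASSWORD_ARGON2I : PASSWORD_BCRYPT;
}

// Options for the preferred algorithm: an assumed bcrypt cost, PHP defaults for Argon2i.
function preferredOptions(): array
{
    return preferredAlgorithm() === PASSWORD_BCRYPT ? ['cost' => 12] : [];
}

// Hash a new password; password_hash() generates a fresh random salt on every call.
function hashPassword(string $plain): string
{
    return password_hash($plain, preferredAlgorithm(), preferredOptions());
}

// Verify a login attempt and, on success, return a replacement hash when the
// stored one uses an older algorithm or a lower cost than the current policy.
function checkLogin(string $plain, string $storedHash): array
{
    if (!password_verify($plain, $storedHash)) {
        return ['ok' => false, 'newHash' => null];
    }
    $stale = password_needs_rehash($storedHash, preferredAlgorithm(), preferredOptions());
    return ['ok' => true, 'newHash' => $stale ? hashPassword($plain) : null];
}

// Constructed sample input, not a real credential.
$password = 'correct horse battery staple';

// Plain unsalted SHA-512: the same password always maps to the same digest,
// which is the property precomputed (rainbow) tables rely on.
echo 'sha512 digests identical: ';
var_dump(hash('sha512', $password) === hash('sha512', $password));

// Salted hashing: two hashes of one password differ, yet both verify.
$first = hashPassword($password);
$second = hashPassword($password);
echo 'salted hashes differ: ';
var_dump($first !== $second);
echo 'both verify: ';
var_dump(password_verify($password, $first) && password_verify($password, $second));

// A constructed legacy record (bcrypt, cost 10) is flagged for upgrade on login.
$legacy = password_hash($password, PASSWORD_BCRYPT, ['cost' => 10]);
$result = checkLogin($password, $legacy);
echo 'login ok, upgraded hash issued: ';
var_dump($result['ok'] && $result['newHash'] !== null);
echo 'wrong password accepted: ';
var_dump(checkLogin('wrong guess', $legacy)['ok']);
```

In an application, the replacement hash returned by the hypothetical checkLogin() would be written back to the user record after a successful login, so stored hashes move to the current policy without forcing password resets.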