Is it possible to hide the password in the Guard token?

B

BonBon Slick2018-06-30 21:46:52

symfony

BonBon Slick, 2018-06-30 21:46:52

Making a dump in twig {{ dump(app) }}
https://symfony.com/doc/current/security/guard_aut...

AppVariable {#3049 ▼
  -tokenStorage: TokenStorage {#2059 ▼
    -token: PostAuthenticationGuardToken {#2348 ▼
      -providerKey: "main"
      -user: User {#2726 ▼
        -plainPassword: UserPlainPassword {#2757 ▼
          -plainPassword: null
        }
        -uuid: UserId {#2733 ▶}
        -email: UserEmail {#2745 ▶}
        -password: UserPassword {#2751 ▼
          -password: "$2y$12$tq2XlVKIkuuEFgjYEWgg5.yqHXTFqB/EsTohOqgWVm7u4n4BDB5WG"
        }
        -salt: UserSalt {#2763 ▼
          -salt: "HKIBVCPvolSaC/qUq5jHAZl/6YN2U2VDq6D8bm1WmOFVAdRdJ7M2Rh1RIf+rV8E/nf9XbZ6GJw=="
        }

How to hide sensitive information in a token?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

DevMan, 2018-06-30
@BonBonSlick

I don't see the password, I only see the hash.
uncles, and if you dump in your code, will you also delete it?
twig is a server part. Once you get there, it won't help you much. unless holy water on the included server.