6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"URL hacking in symfony admin generator\",\"text\":\"

In symfony's admin generator, I can choose, for instance, to disable the delete and edit actions in generator.yml

\\n\\n

Could a user change the URL and still access those functions, or should I also disable them in security.yml ?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Manu\"},\"upvoteCount\":1,\"answerCount\":1,\"acceptedAnswer\":{\"@type\":\"Answer\",\"text\":\"

Obviosly, if you disable them in config, they will not work in any way unless you enable them again. Fabien is not stupid ;)

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Vladislav Rastrusny\"},\"upvoteCount\":2}}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","php",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/php/1","children":"php"}]}],["$","span","security",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/security/1","children":"security"}]}],["$","span","symfony1",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/symfony1/1","children":"symfony1"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/8a9a4e882fa0a0acb9867ef58dde22a1?s=256&d=identicon&r=PG","alt":"Manu","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/113305/manu","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Manu"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",4500]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"URL hacking in symfony admin generator"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

In symfony's admin generator, I can choose, for instance, to disable the delete and edit actions in generator.yml

\n\n

Could a user change the URL and still access those functions, or should I also disable them in security.yml ?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",1]}],["$","p",null,{"children":["Views: ",1137]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","4829592",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/8fe496625f910b5f94e8ebd9870408b4?s=256&d=identicon&r=PG","alt":"Vladislav Rastrusny","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/173677/vladislav-rastrusny","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Vladislav Rastrusny"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",30013]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

Obviosly, if you disable them in config, they will not work in any way unless you enable them again. Fabien is not stupid ;)

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",2]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","29718791",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/29718791","className":"text-blue-600 hover:underline","children":"Secure all urls in Symfony2"}]}],["$","li","38844816",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/38844816","className":"text-blue-600 hover:underline","children":"symfony 3 - how to allow unauthenticated access to a URL prefix"}]}],["$","li","32147956",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/32147956","className":"text-blue-600 hover:underline","children":"Symfony Security rout admin"}]}],["$","li","25999929",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/25999929","className":"text-blue-600 hover:underline","children":"Symfony2 : controlling access to a ressource"}]}],["$","li","24555772",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/24555772","className":"text-blue-600 hover:underline","children":"Symfony2 Access Control/Security"}]}],["$","li","18919096",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/18919096","className":"text-blue-600 hover:underline","children":"Restricting admin access to url pattern in Symfony2"}]}],["$","li","10348137",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/10348137","className":"text-blue-600 hover:underline","children":"Security in Symfony2"}]}],["$","li","18068516",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/18068516","className":"text-blue-600 hover:underline","children":"Symfony2 security allowing all URLs and not blocking anything"}]}],["$","li","4778859",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4778859","className":"text-blue-600 hover:underline","children":"with Symfony sfDoctrineGuardPlugin, users can open a page which actually they cannot by changing url"}]}],["$","li","747111",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/747111","className":"text-blue-600 hover:underline","children":"Symfony: Options for admin URL"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

URL hacking in symfony admin generator

Answers (1)

Related Questions