Does Symfony have any weaknesses?

I am currently conducting a technical review of a web application that was developed by a third party. They used the symfony framework. Are there any known issues that I should visit first? E.g. any security holes.

Thanks in advance for help.

Mark


I've used the symfony framework for many apps and the framework itself is pretty secure by default.

One thing you might want to check (it's not really a security issue though) is that the developer replaces the default error pages, I'm not talking about the 404's or anything like that but when symfony crashes hard it will automatically go to a symfony error page.

You also might want to check the security.yml files to make sure that all the modules that require authentication are set to is_secure: on.

Also I think in the settings.yml there is an option to set the framework to automatically escape evil characters to avoid XSS. You should check that things are being escaped. I believe it is on by default in 1.2.

Maybe you could also check to see if the developer used any strange plugins. Some plugins are not created by the developers of symfony and they can't really guarantee the quality of the code used in them.

Check out the Symfony Deployment Cheat Sheet. It has a great checklist to go through to make sure your app is ready for deployment.

I can't really think of anything else at the moment. If symfony 1.2 is used you should not have to worry much about the framework itself being an issue. IMHO.
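The security.yml and settings.yml checks mentioned in the answer above can be scripted for a review. This is an added example, not part of the original answer or of symfony itself: it assumes the symfony 1.x layout (`apps/<app>/config/` and `apps/<app>/modules/<module>/config/`), the `is_secure` and `escaping_strategy` keys, and plain indented YAML; the sample files are constructed.

```python
import re

ENABLED = {"on", "true", "yes"}  # YAML spellings treated as "enabled"
CHECKS = {"security.yml": "is_secure", "settings.yml": "escaping_strategy"}

def yaml_flags(text, key):
    """Return [(section, value)] for each `key: value` line. Line-based, so it
    only understands plain indented block YAML (assumption about the files)."""
    found, stack = [], []  # stack holds (indent, name) of open sections
    for raw in text.splitlines():
        m = re.match(r"^(\s*)([\w.]+):\s*(.*)$", raw.split("#", 1)[0].rstrip())
        if not m:
            continue
        indent, name = len(m.group(1)), m.group(2)
        value = m.group(3).strip("'\" ").lower()
        while stack and stack[-1][0] >= indent:
            stack.pop()
        if name == key and value:
            found.append((stack[-1][1] if stack else "", value))
        elif not value:
            stack.append((indent, name))
    return found

def audit(files):
    """files maps a path to the file's text; returns findings to review."""
    findings = []
    for path, text in sorted(files.items()):
        key = CHECKS.get(path.rsplit("/", 1)[-1])
        if key is None:
            continue
        flags = yaml_flags(text, key)
        if not flags:
            findings.append(f"{path}: {key} not set in this file")
        for section, value in flags:
            if value not in ENABLED:
                findings.append(f"{path}: [{section}] {key} is {value}")
    return findings

# Constructed sample project, not taken from any real application.
SAMPLE = {
    "apps/frontend/config/security.yml": "default:\n  is_secure: off\n",
    "apps/frontend/modules/account/config/security.yml":
        "all:\n  is_secure: on\nexport:\n  is_secure: off\n",
    "apps/frontend/modules/admin/config/security.yml": "all:\n  credentials: admin\n",
    "apps/frontend/config/settings.yml":
        "all:\n  .settings:\n    escaping_strategy: off\n",
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

A file reported as "not set in this file" is not necessarily open; it means the effective value has to be read from the other configuration levels.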


Try searching in bugspy.net: http://bugspy.net/search/?q=symfony


Symfony has a very strong developer community so identified security vulnerabilities are usually fixed pretty quickly.

Provided that you chose a version of the framework that is supported, any security holes are likely to be fixed speedily.

The versions are listed here: http://www.symfony-project.org/installation
