899b778994
Correct type declarations
10 years ago
bb8550886e
PHP type casting
10 years ago
f1edafffaf
PHPDoc comment doesn't contain all necessary @throws tag
...
close #5762
10 years ago
783d1ccaed
typo fix
...
close #5454
10 years ago
00aab7c379
Fixed typo in comments for generatePasswordHash
10 years ago
92cd13a913
pull origin
10 years ago
a0d19e922b
Fixes #4497 : changed to use hex digits by default when hashing data.
10 years ago
ca9d4867f4
code style
10 years ago
be24a2e2c7
Removed mentions of $deriveKeyStrategy from Security phpdoc
10 years ago
33f2525a39
Remove nonsense branch logic
10 years ago
c6a8b418ef
compareString(): timing depends only on length of `$actual` input, unit test
10 years ago
56a9536b51
Typo in docs
10 years ago
b680afc721
Fixes #4462 .
10 years ago
c5a3cd511e
Security component adjustments: fixed comment style, hkdf() and pbkdf2() are now protected, compareString() is now public
10 years ago
2c5c2c101b
Fixes #4131 : Security adjustments
10 years ago
8802d0305e
Avoid method call in for condition
10 years ago
deecdcad84
Adjusted exception message when pdkdbf2 is set but environment isn't OK
10 years ago
481db35512
Fixes #4114 : Added Security::generateRandomHexKey(), used it for various tokens and default key generation
10 years ago
90a625013c
Result check at `Security::generateRandomKey()` added
10 years ago
039909a846
Fixed a call of function "generateRandomKey()" in app\base\Security
10 years ago
399b6b18e3
Fixes #4103
10 years ago
84cbf19bfe
Doc comments at `Security::generateRandomKey()` adjusted
10 years ago
69abbc7ff3
Fallback at `Security::generateRandomKey()` removed
10 years ago
052ae83340
Option `Security::autoGenerateSecretKey` added
10 years ago
25a3637709
Upgrade note about `Security` updated
10 years ago
5a42985750
Option `Security::useDeriveKeyUniqueSalt` added
10 years ago
772667fa1c
Doc comments at `Security` updated
10 years ago
4ce4707a3a
Option `Security::passwordHashStrategy` added
10 years ago
4063502439
Option `Security::deriveKeyStrategy` added
10 years ago
846596294d
Fallback for `Security::generateRandomKey()` added
10 years ago
4768dcdbc2
Method `Security::compareString()` extracted
10 years ago
47f8eafb6d
Doc comments at `yii\base\Security` fixed
10 years ago
db0beb6b6b
'yii\base\Security' component created.
10 years ago
91965fd391
phpdoc formatting issues
11 years ago
b6b7a8f235
removed srand()
11 years ago
bf3c75147d
reverted breaking PHPdoc codestyle changes
...
issue #2852
11 years ago
b5f8a4dc22
Reformat code te be PSR-2 compatible
11 years ago
eaaa5b1bb5
fix code style
11 years ago
20aff5330c
added back fallback mechanism for generating salt.
11 years ago
660d3a57d6
Inconsistently insecure
...
Why use a strong random number generator in one place, but not another? I know salts have no cryptographic security requirement, but collisions are less likely if you use one.
11 years ago
0c38655217
psr-4 move
11 years ago
0c1557e56a
Fix doc for generateSalt.
...
$cost must be in range 4-31.
11 years ago
0d38d6131e
doc fix.
11 years ago
92b9ae382f
Update BaseSecurity.php
...
prevent call strlen function twice
11 years ago
26767735dc
Renamed byte methods, moved path methods back to StringHelper
11 years ago
5f2a612c78
Moved file and path related methods from StringHelper to FileHelper, renamed StringHelper byte methods not to be misused as string methods
11 years ago
454a9ee52e
fixes #1303 : Security::decrypt now returns null w/o error when null is passed as $data
11 years ago
abb349361b
use json format.
11 years ago
f09c78aad9
save security keys as a serialized string instead of exported variable.
11 years ago
1f6a823073
Short array syntax
11 years ago
Alexander Mohorev
Sergey
Henry Abbott
RichWeber
Qiang Xue
Carsten Brandt
Alexander Makarov
tom--
Vincent
Paul Klimov
fps01
SonicGD
AlexGx
Scott Arciszewski
Crypt
Vladimir