Yasser Hassan
daab0e9aef
Fixing typo.
...
close #7941
10 years ago
Alexander Makarov
d7346cbfaf
Used PHP_OS instead of php_uname() to check for Linix
10 years ago
Alexander Makarov
4fffd8fcef
Prevented Security from erroring in case of /dev/urandom or /dev/random aren't available
10 years ago
Alexander Makarov
7721baae1f
Used StringHelper for byte operations
10 years ago
tom--
4512833fac
Fixes #7215 : Uses OpenSSL crypto lib instead of Mcrypt. Added testing of encrypted data compatibility, both backward and forward
10 years ago
munawer
33b760eca2
[ci skip] Guide typos fixed
10 years ago
Alexander Mohorev
899b778994
Correct type declarations
10 years ago
Alexander Mohorev
bb8550886e
PHP type casting
10 years ago
Alexander Mohorev
f1edafffaf
PHPDoc comment doesn't contain all necessary @throws tag
...
close #5762
10 years ago
Sergey
783d1ccaed
typo fix
...
close #5454
10 years ago
Henry Abbott
00aab7c379
Fixed typo in comments for generatePasswordHash
10 years ago
RichWeber
92cd13a913
pull origin
10 years ago
Qiang Xue
a0d19e922b
Fixes #4497 : changed to use hex digits by default when hashing data.
10 years ago
Carsten Brandt
ca9d4867f4
code style
10 years ago
Alexander Makarov
be24a2e2c7
Removed mentions of $deriveKeyStrategy from Security phpdoc
10 years ago
tom--
33f2525a39
Remove nonsense branch logic
10 years ago
tom--
c6a8b418ef
compareString(): timing depends only on length of `$actual` input, unit test
10 years ago
Vincent
56a9536b51
Typo in docs
10 years ago
Qiang Xue
b680afc721
Fixes #4462 .
10 years ago
Alexander Makarov
c5a3cd511e
Security component adjustments: fixed comment style, hkdf() and pbkdf2() are now protected, compareString() is now public
10 years ago
tom--
2c5c2c101b
Fixes #4131 : Security adjustments
10 years ago
Alexander Makarov
8802d0305e
Avoid method call in for condition
10 years ago
Alexander Makarov
deecdcad84
Adjusted exception message when pdkdbf2 is set but environment isn't OK
10 years ago
Alexander Makarov
481db35512
Fixes #4114 : Added Security::generateRandomHexKey(), used it for various tokens and default key generation
10 years ago
Paul Klimov
90a625013c
Result check at `Security::generateRandomKey()` added
10 years ago
fps01
039909a846
Fixed a call of function "generateRandomKey()" in app\base\Security
10 years ago
Qiang Xue
399b6b18e3
Fixes #4103
10 years ago
Paul Klimov
84cbf19bfe
Doc comments at `Security::generateRandomKey()` adjusted
10 years ago
Paul Klimov
69abbc7ff3
Fallback at `Security::generateRandomKey()` removed
10 years ago
Paul Klimov
052ae83340
Option `Security::autoGenerateSecretKey` added
10 years ago
Paul Klimov
25a3637709
Upgrade note about `Security` updated
10 years ago
Paul Klimov
5a42985750
Option `Security::useDeriveKeyUniqueSalt` added
10 years ago
Paul Klimov
772667fa1c
Doc comments at `Security` updated
10 years ago
Paul Klimov
4ce4707a3a
Option `Security::passwordHashStrategy` added
10 years ago
Paul Klimov
4063502439
Option `Security::deriveKeyStrategy` added
10 years ago
Paul Klimov
846596294d
Fallback for `Security::generateRandomKey()` added
10 years ago
Paul Klimov
4768dcdbc2
Method `Security::compareString()` extracted
10 years ago
Klimov Paul
47f8eafb6d
Doc comments at `yii\base\Security` fixed
10 years ago
Klimov Paul
db0beb6b6b
'yii\base\Security' component created.
10 years ago
Carsten Brandt
91965fd391
phpdoc formatting issues
11 years ago
Qiang Xue
b6b7a8f235
removed srand()
11 years ago
Carsten Brandt
bf3c75147d
reverted breaking PHPdoc codestyle changes
...
issue #2852
11 years ago
SonicGD
b5f8a4dc22
Reformat code te be PSR-2 compatible
11 years ago
AlexGx
eaaa5b1bb5
fix code style
11 years ago
Qiang Xue
20aff5330c
added back fallback mechanism for generating salt.
11 years ago
Scott Arciszewski
660d3a57d6
Inconsistently insecure
...
Why use a strong random number generator in one place, but not another? I know salts have no cryptographic security requirement, but collisions are less likely if you use one.
11 years ago
Qiang Xue
0c38655217
psr-4 move
11 years ago
Crypt
0c1557e56a
Fix doc for generateSalt.
...
$cost must be in range 4-31.
11 years ago
Qiang Xue
0d38d6131e
doc fix.
11 years ago
Vladimir
92b9ae382f
Update BaseSecurity.php
...
prevent call strlen function twice
11 years ago