Carsten Brandt
e94b68436d
complete test coverage for reading /dev/urandom
...
fixes an issue with buffered reading
9 years ago
Carsten Brandt
f2f082dbab
moved checks before random_bytes() to have consistent behavior accross php versions
9 years ago
Alexander Makarov
0c6c1eebd1
Better buffer usage description as suggested by @tom--
...
https://github.com/yiisoft/yii2/pull/11285#discussion_r59960199
9 years ago
Alexander Makarov
6a80a132e2
Converted constant into local variable #11285
9 years ago
Alexander Makarov
81b18e1538
Fixed variable name
9 years ago
Alexander Makarov
371440d59a
More Security component enhancements
...
- Removed PHP version checks since both are met by default because Yii requires 5.4.0+.
- Limit PHP fread buffer in order to prevent entropy wasting.
- Fixed incorrect bytes to read calculation.
- Added more notes explaining decisions.
9 years ago
Tom Worster
c455a3c54b
Security component enhancements
...
- Added tests for random key generation speed.
- Better generateRandomKey() performance for small reads because of using fopen + buffered read and local caching of source detection.
- Use /dev/random on FreeBSD.
9 years ago
Carsten Brandt
191f2a4943
fixed phpdoc type names
9 years ago
Carsten Brandt
f620f4de90
phpdoc fixes
9 years ago
Tom Worster
40fc49bf16
remove obsolete @throw tags
9 years ago
Tom Worster
ba19858e58
move private state var also
9 years ago
Tom Worster
83b61eae43
move "private" consts before generateRandomKey()
9 years ago
Tom Worster
358e9115ed
comment lstat
9 years ago
Tom Worster
e7a888ad11
use file_get_contents and not magic numbers
9 years ago
Tom Worster
1f41a2c9af
Fixes #9878,9879,9880: Make `\base\Security` use `random_bytes()`, LibreSSL, mcrypt, limit OpenSSL to Windows, and to prefer `password_hash()` over `crypt()`
9 years ago
SilverFire - Dmitry Naumenko
cd87d67f34
Global DOCS update: ~~~ replaced with ```
9 years ago
artur
e1509bfe73
Fix methods references
9 years ago
Carsten Brandt
6d9fe671de
various code style and whitespace adjustments
9 years ago
freezy
6a4436f95b
[ Fixes #9177 ] Password Hash Cost setting for Security component
9 years ago
onedevlink
c4ab9a0891
Fixed typo in base/Security file and docs
9 years ago
Alexander Mohorev
68c30c1034
Replace aliases of functions
9 years ago
Yasser Hassan
daab0e9aef
Fixing typo.
...
close #7941
10 years ago
Alexander Makarov
d7346cbfaf
Used PHP_OS instead of php_uname() to check for Linix
10 years ago
Alexander Makarov
4fffd8fcef
Prevented Security from erroring in case of /dev/urandom or /dev/random aren't available
10 years ago
Alexander Makarov
7721baae1f
Used StringHelper for byte operations
10 years ago
tom--
4512833fac
Fixes #7215 : Uses OpenSSL crypto lib instead of Mcrypt. Added testing of encrypted data compatibility, both backward and forward
10 years ago
munawer
33b760eca2
[ci skip] Guide typos fixed
10 years ago
Alexander Mohorev
899b778994
Correct type declarations
10 years ago
Alexander Mohorev
bb8550886e
PHP type casting
10 years ago
Alexander Mohorev
f1edafffaf
PHPDoc comment doesn't contain all necessary @throws tag
...
close #5762
10 years ago
Sergey
783d1ccaed
typo fix
...
close #5454
10 years ago
Henry Abbott
00aab7c379
Fixed typo in comments for generatePasswordHash
10 years ago
RichWeber
92cd13a913
pull origin
10 years ago
Qiang Xue
a0d19e922b
Fixes #4497 : changed to use hex digits by default when hashing data.
10 years ago
Carsten Brandt
ca9d4867f4
code style
10 years ago
Alexander Makarov
be24a2e2c7
Removed mentions of $deriveKeyStrategy from Security phpdoc
10 years ago
tom--
33f2525a39
Remove nonsense branch logic
10 years ago
tom--
c6a8b418ef
compareString(): timing depends only on length of `$actual` input, unit test
10 years ago
Vincent
56a9536b51
Typo in docs
10 years ago
Qiang Xue
b680afc721
Fixes #4462 .
10 years ago
Alexander Makarov
c5a3cd511e
Security component adjustments: fixed comment style, hkdf() and pbkdf2() are now protected, compareString() is now public
10 years ago
tom--
2c5c2c101b
Fixes #4131 : Security adjustments
10 years ago
Alexander Makarov
8802d0305e
Avoid method call in for condition
10 years ago
Alexander Makarov
deecdcad84
Adjusted exception message when pdkdbf2 is set but environment isn't OK
10 years ago
Alexander Makarov
481db35512
Fixes #4114 : Added Security::generateRandomHexKey(), used it for various tokens and default key generation
10 years ago
Paul Klimov
90a625013c
Result check at `Security::generateRandomKey()` added
10 years ago
fps01
039909a846
Fixed a call of function "generateRandomKey()" in app\base\Security
10 years ago
Qiang Xue
399b6b18e3
Fixes #4103
10 years ago
Paul Klimov
84cbf19bfe
Doc comments at `Security::generateRandomKey()` adjusted
10 years ago
Paul Klimov
69abbc7ff3
Fallback at `Security::generateRandomKey()` removed
10 years ago