In this section we'll review the following security aspects:

Pseudorandom data is useful in many situations. For example, when resetting a password via email you need to generate a token, save it to the database, and send it via email to the end user, which in turn will allow them to prove ownership of

It is very important that this token be unique and hard to guess; otherwise an attacker may be able to predict the token's value and reset the user's password.

The Yii security helper makes generating pseudorandom data simple:

    $key = Yii::$app->getSecurity()->generateRandomString();

Yii provides convenient helper functions that allow you to encrypt and decrypt data using a secret key. The data is passed through the encryption function so that only the person who has the secret key will be able to decrypt it.

For example, we need to store some information in our database, but we need to make sure only the user who has the secret key can view it (even if the application database is compromised):

    // $data and $secretKey are obtained from the form
    $encryptedData = Yii::$app->getSecurity()->encryptByPassword($data, $secretKey);

Subsequently, when the user wants to read the data:

    // $secretKey is obtained from user input, $encryptedData is from the database
    $data = Yii::$app->getSecurity()->decryptByPassword($encryptedData, $secretKey);
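A round trip through the two password-based helpers, as an added example that is not code from the original page or from the Yii project. It assumes Yii 2 is installed through Composer under `./vendor`; `sealForStorage()`, `openFromStorage()` and the sample values are hypothetical names and constructed data.

```php
<?php
// Added example. Assumes a Composer-installed Yii 2 under ./vendor.
// Function names, the secret and the plaintext are constructed for illustration.
require __DIR__ . '/vendor/autoload.php';
require __DIR__ . '/vendor/yiisoft/yii2/Yii.php';

use yii\base\Security;

/** Encrypt for storage; base64 keeps the binary ciphertext intact in a text column. */
function sealForStorage(Security $security, string $data, string $secretKey): string
{
    return base64_encode($security->encryptByPassword($data, $secretKey));
}

/** Returns the plaintext, or null when the key is wrong or the record was altered. */
function openFromStorage(Security $security, string $stored, string $secretKey): ?string
{
    $raw = base64_decode($stored, true);
    if ($raw === false) {
        return null; // not valid base64: the stored record is corrupted
    }
    $data = $security->decryptByPassword($raw, $secretKey);
    // decryptByPassword() returns false when authentication fails. Compare
    // strictly so that an empty-string plaintext is not mistaken for failure.
    return $data === false ? null : $data;
}

$security = new Security();
$stored = sealForStorage($security, 'account note (constructed sample)', 'correct horse');

// Case 1: the user supplies the right secret key.
var_dump(openFromStorage($security, $stored, 'correct horse'));

// Case 2: the user supplies a wrong secret key.
var_dump(openFromStorage($security, $stored, 'wrong key'));

// Case 3: one bit of the stored record is flipped, simulating tampering
// with the database row; the right key no longer opens it.
$raw = base64_decode($stored);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 1);
var_dump(openFromStorage($security, base64_encode($raw), 'correct horse'));
```

Callers should treat a `null` result as "cannot decrypt" and avoid telling the user whether the key or the record was at fault.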