New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[security] introduce sensitive value object. #79
Conversation
@mtudor just added some more tests. Here you could look at real life examples:
working on example for symfony bundle and sandbox |
…oduce-sensitive-value-object
@@ -143,6 +145,8 @@ specific hashes from the tokens. After all is prepared, finally we start the cap | |||
The main purpose of using tokens is to hide any sensitive\guessable information from a spying user. | |||
All a spying user sees is the random hash so it would be a bit hard to hack your payment process. | |||
|
|||
_**Attention**: All sensitive values must not be passed directly but wrapped by `SensitiveValue` class. That's required to ensure it would not saved anywhere accidentally. For more info read [dedicated chapter](working-with-sensitive-information.md)._ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it would not save not saved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
or it would not be saved
…object [WIP][security] introduce sensitive value object.
it fixes #78
The workflow:
TODO:
add test for __cloneadd test for ArrayObject::toUnsafeArray()update all currently supported payment to use this object.update docs