Update docs for Security::cipher()

This method is not cryptographically strong. Note that, and the
issues related to suhosin.

Related to #GH-1100
1 parent 43b77bc commit 06e7ba66c92e12cad5c9f97ae3000612326c2e05 @markstory markstory committed May 7, 2013
Showing with 9 additions and 1 deletion.
  1. +9 −1 lib/Cake/Utility/Security.php
@@ -168,11 +168,19 @@ public static function setCost($cost) {
}
/**
- * Encrypts/Decrypts a text using the given key.
+ * Runs $text through a XOR cipher.
+ *
+ * *Note* This is not a cryptographically strong method and should not be used
+ * for sensitive data. Additionally this method does *not* work in environments
+ * where suhosin is enabled.
+ *
+ * Instead you should use Security::rijndael() when you need strong
+ * encryption.
*
* @param string $text Encrypted string to decrypt, normal string to encrypt
* @param string $key Key to use
* @return string Encrypted/Decrypted string
+ * @deprecated This method will be removed in 3.x
*/
public static function cipher($text, $key) {
if (empty($key)) {
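Review bot: The unchanged `@param string $text Encrypted string to decrypt, normal string to encrypt` and `@return string Encrypted/Decrypted string` lines still describe this method as encryption, which contradicts the new note that it is a XOR cipher and not cryptographically strong. Reword both so the generated API docs stop advertising encryption, for example "Text to run through the cipher" and "The XOR-transformed string". The `@deprecated` tag should also name `Security::rijndael()` as the replacement, because IDEs and doc generators often surface only that tag and not the body of the comment. Finally, the suhosin sentence says the method does not work but not how it fails; one clause describing the symptom would help users recognise the problem in their own environment.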
