New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix #87: security helper converted into component and improved #4089
Changes from 7 commits
db0beb6
54ac875
2bab625
63c7a4c
e6f7d9b
c86db26
47f8eaf
0daf67d
4a47a59
4768dcd
8465962
4063502
4ce4707
772667f
5a42985
25a3637
052ae83
69abbc7
84cbf19
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -72,3 +72,21 @@ Upgrade from Yii 2.0 Beta | |
|
||
* `mail` component was renamed to `mailer`, `yii\log\EmailTarget::$mail` was renamed to `yii\log\EmailTarget::$mailer`. | ||
Please update all references in the code and config files. | ||
|
||
* Static helper `yii\helpers\Security` has been converted into an application component. You should change all usage of | ||
its methods to a new syntax, for example: instead of `yii\helpers\Security::hashData()` use `Yii::$app->getSecurity()->hashData()`. | ||
If you have used `yii\helpers\Security` for encryption or hash generating, you need to explicitly configure 'security' | ||
component for the legacy code support in following way: | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. To make more clear that the following is not recommended but only for apps that must reuse cyphertexts generated with the previous version: Yii has upgraded its default encryption and hash parameters since Yii 2.0 Beta. If you need to decrypt/validate data that was encrypted/hashed before this upgrade, use the following configuration of the 'security' component: There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Applied. |
||
``` | ||
return [ | ||
'components' => [ | ||
'security' => [ | ||
'cryptBlockSize' => 16, | ||
'cryptKeySize' => 24, | ||
'derivationIterations' => 1000, | ||
], | ||
// ... | ||
], | ||
// ... | ||
]; | ||
``` | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. could add another note:
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Yes but insert "and re-encrypt/re-hash using the 'security' component" at end. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
\yii\helpers has to be removed in this document.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixed