CSecurityManager
| Name | securityManager |
|---|---|
| Class | CSecurityManager |
| Location | /home/vhosts/app-manager.eu5.org/framework/base/CSecurityManager.php |
CSecurityManager provides private keys, hashing and encryption functions.
CSecurityManager is used by Yii components and applications for security-related purpose. For example, it is used in cookie validation feature to prevent cookie data from being tampered. CSecurityManager is mainly used to protect data from being tampered and viewed. It can generate HMAC and encrypt the data. The private key used to generate HMAC is set by {@link setValidationKey ValidationKey}. The key used to encrypt data is specified by {@link setEncryptionKey EncryptionKey}. If the above keys are not explicitly set, random keys will be generated and used. To protected data with HMAC, call {@link hashData()}; and to check if the data is tampered, call {@link validateData()}, which will return the real data if it is not tampered. The algorithm used to generated HMAC is specified by {@link validation}. To encrypt and decrypt data, call {@link encrypt()} and {@link decrypt()} respectively, which uses 3DES encryption algorithm. Note, the PHP Mcrypt extension must be installed and loaded. CSecurityManager is a core application component that can be accessed via {@link CApplication::getSecurityManager()}.
CSecurityManager is used by Yii components and applications for security-related purpose. For example, it is used in cookie validation feature to prevent cookie data from being tampered. CSecurityManager is mainly used to protect data from being tampered and viewed. It can generate HMAC and encrypt the data. The private key used to generate HMAC is set by {@link setValidationKey ValidationKey}. The key used to encrypt data is specified by {@link setEncryptionKey EncryptionKey}. If the above keys are not explicitly set, random keys will be generated and used. To protected data with HMAC, call {@link hashData()}; and to check if the data is tampered, call {@link validateData()}, which will return the real data if it is not tampered. The algorithm used to generated HMAC is specified by {@link validation}. To encrypt and decrypt data, call {@link encrypt()} and {@link decrypt()} respectively, which uses 3DES encryption algorithm. Note, the PHP Mcrypt extension must be installed and loaded. CSecurityManager is a core application component that can be accessed via {@link CApplication::getSecurityManager()}.
Options
Displaying 1-6 of 6 results.
| Name | Value | Description | Type |
|---|---|---|---|
| hashAlgorithm | 'sha1' | The name of the hashing algorithm to be used by {@link computeHMAC}. See {@link http://php.net/manual/en/function.hash-algos.php hash-algos} for the list of possible hash algorithms. Note that if you are using PHP 5.1.1 or below, you can only use 'sha1' or 'md5'. Defaults to 'sha1', meaning using SHA1 hash algorithm. @since 1.1.3 | string |
| cryptAlgorithm | 'des' | The name of the crypt algorithm to be used by {@link encrypt} and {@link decrypt}. This will be passed as the first parameter to {@link http://php.net/manual/en/function.mcrypt-module-open.php mcrypt_module_open}. This property can also be configured as an array. In this case, the array elements will be passed in order as parameters to mcrypt_module_open. For example, <code>array('rijndael-256', '', 'ofb', '')</code>. Defaults to 'des', meaning using DES crypt algorithm. @since 1.1.3 | mixed |
| behaviors | array() | The behaviors that should be attached to this component. The behaviors will be attached to the component when {@link init} is called. Please refer to {@link CModel::behaviors} on how to specify the value of this property. | array |
| validationKey | null | The key used to generate HMAC @throws CException if the key is empty | string |
| encryptionKey | null | The key used to encrypt/decrypt data. @throws CException if the key is empty | string |
| validation | null | This method has been deprecated since version 1.1.3. Please use {@link hashAlgorithm} instead. - | string |
