Security Utility
- class Security
- The Security class handles basic security measures such as providing methods for hashing and encrypting data.
- static Cake\Utility\Security::encrypt($text, $key, $hmacSalt = null)
- static Cake\Utility\Security::decrypt($cipher, $key, $hmacSalt = null)
- Encrypt $text using AES-256. The $key should be a value with a lot of variance in the data, much like a good password. The returned result will be the encrypted value with an HMAC checksum.
Warning
The mcrypt extension has been deprecated in PHP 7.1.
This method should never be used to store passwords. Instead you should use the one-way hashing methods provided by Utility\Security::hash(). An example use would be:
If you do not supply an HMAC salt, the Security.salt value will be used. Encrypted values can be decrypted using Cake\Utility\Security::decrypt().
If the value cannot be decrypted due to changes in the key or HMAC salt, false will be returned.
If you are upgrading an application from CakePHP 2.x, data encrypted in 2.x is not compatible with openssl. This is because the encrypted data is not fully AES compliant. If you don’t want to go through the trouble of re-encrypting your data, you can force CakePHP to use mcrypt using the engine() method:
The above will allow you to seamlessly read data from older versions of CakePHP, and encrypt new data to be compatible with OpenSSL.
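A round trip through Security::encrypt() and Security::decrypt(), including the failure cases described above, as an added example (not code from the CakePHP documentation). It assumes CakePHP 3.x installed via Composer with vendor/autoload.php in the working directory; sealValue() and openValue() are hypothetical helper names, and the key, salt and plaintext are constructed sample values.

```php
<?php
// Added example, not CakePHP's own code. Assumes CakePHP 3.x installed with
// Composer and vendor/autoload.php reachable from the working directory.
require 'vendor/autoload.php';

use Cake\Utility\Security;

// Hypothetical helper: encrypt a value for storage in a text column.
// Security::encrypt() returns raw bytes (HMAC followed by ciphertext),
// so the result is base64-encoded before it is stored.
function sealValue(string $plain, string $key, string $hmacSalt): string
{
    return base64_encode(Security::encrypt($plain, $key, $hmacSalt));
}

// Hypothetical helper: return the plaintext, or null when the stored value
// is malformed or fails the HMAC check (tampering, wrong key, wrong salt).
function openValue(string $stored, string $key, string $hmacSalt): ?string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || $raw === '') {
        return null; // not valid base64, or nothing to decrypt
    }
    $plain = Security::decrypt($raw, $key, $hmacSalt);

    return is_string($plain) ? $plain : null; // false means "do not trust"
}

// Constructed sample values. A real application loads a stable key and salt
// from configuration; they are generated here only to keep the demo offline.
$key = bin2hex(Security::randomBytes(32));
$salt = bin2hex(Security::randomBytes(32));
$stored = sealValue('constructed-api-token-123', $key, $salt);

// Round trip with the right key and salt.
var_dump(openValue($stored, $key, $salt) === 'constructed-api-token-123');

// Flip one bit in the last ciphertext byte: the HMAC check must reject it.
$raw = base64_decode($stored);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 0x01);
var_dump(openValue(base64_encode($raw), $key, $salt) === null);

// A different key is rejected as well instead of yielding garbage.
$otherKey = bin2hex(Security::randomBytes(32));
var_dump(openValue($stored, $otherKey, $salt) === null);
```

Treating anything other than a string from decrypt() as a rejection keeps the caller from ever acting on a value that failed the HMAC check.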
- static Cake\Utility\Security::hash($string, $type = NULL, $salt = false)
- Create a hash from string using given method. Fallback on next available method. If $salt is set to true, the application’s salt value will be used:
The hash() method supports the following hashing strategies:
- md5
- sha256
And any other hash algorithm that PHP’s hash() function supports.
You should not be using hash() for passwords in new applications. Instead you should use the DefaultPasswordHasher class, which uses bcrypt by default.
- static Cake\Utility\Security::randomBytes($length)
- Get $length number of bytes from a secure random source. This function draws data from one of the following sources:
- PHP’s random_bytes function.
- openssl_random_pseudo_bytes from the SSL extension.
If neither source is available a warning will be emitted and an unsafe value will be used for backwards compatibility reasons.
New in version 3.2.3: The randomBytes method was added.