php/yii2
1
0
Fork 0
mirror of https://github.com/yiisoft/yii2.git synced 2025-11-04 14:46:19 +08:00
Code Issues Packages Projects Releases Wiki Activity

Upgrade note about Security updated

Browse Source
This commit is contained in:
Paul Klimov
2014-06-27 23:33:16 +03:00
parent 5a42985750
commit 25a3637709
2 changed files with 4 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
framework/UPGRADE.md
View File

@ -84,6 +84,9 @@ Upgrade from Yii 2.0 Beta
'cryptBlockSize' => 16, 'cryptBlockSize' => 16,
'cryptKeySize' => 24, 'cryptKeySize' => 24,
'derivationIterations' => 1000, 'derivationIterations' => 1000,
'deriveKeyStrategy' => 'hmac', // for PHP version < 5.5.0
//'deriveKeyStrategy' => 'pbkdf2', // for PHP version >= 5.5.0
'useDeriveKeyUniqueSalt' => false,
], ],
// ... // ...
], ],

2
framework/base/Security.php
View File

@ -79,7 +79,7 @@ class Security extends Component
/** /**
* @var boolean whether to generate unique salt while deriving encryption key. * @var boolean whether to generate unique salt while deriving encryption key.
* If enabled (recommended) this option increases encrypted text length, but provide more security. * If enabled (recommended) this option increases encrypted text length, but provide more security.
* If disabled this option reduces encrypted text length, but also reduce security. * If disabled this option reduces encrypted text length, but also reduces security.
*/ */
public $useDeriveKeyUniqueSalt = true; public $useDeriveKeyUniqueSalt = true;