Cryptography

Generating Pseudorandom Data
Encryption and Decryption
Confirming Data Integrity

In this section we'll review the following security aspects:

Generating random data
Encryption and Decryption
Confirming Data Integrity

Generating Pseudorandom Data

Pseudorandom data is useful in many situations. For example when resetting a password via email you need to generate a token, save it to the database, and send it via email to end user which in turn will allow them to prove ownership of that account. It is very important that this token be unique and hard to guess, else there is a possibility that attacker can predict the token's value and reset the user's password.

Yii security helper makes generating pseud

登录查看完整内容