Download the PHP package yiisoft/security without Composer
On this page you can find all versions of the php package yiisoft/security. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Download yiisoft/security
More information about yiisoft/security
Files in yiisoft/security
Package security
Short Description Security utilities
License BSD-3-Clause
Homepage https://www.yiiframework.com/
FAQ
Example:
In general, it is recommended to use always a project to download your libraries. In an application normally there is more than one library needed.
- Some hosting areas are not accessible by a terminal or SSH. Then it is not possible to use Composer.
- To use Composer is sometimes complicated. Especially for beginners.
- Composer needs much resources. Sometimes they are not available on a simple webspace.
- If you are using private repositories you don't need to share your credentials. You can set up everything on our site and then you provide a simple download link to your team member.
- Simplify your Composer build process. Use our own command line tool to download the vendor folder as binary. This makes your build process faster and you don't need to expose your credentials for private repositories.
Informations about the package security
Yii Security
Security package provides a set of classes to handle common security-related tasks:
- Random values generation
- Password hashing and validation
- Encryption and decryption
- Data tampering prevention
- Masking token length
Requirements
- PHP 8.0 or higher.
hashPHP extension.opensslPHP extension.randomPHP extension.
Installation
General usage
Random values generation
In order to generate a string that is 42 characters long use:
The following extras are available via PHP directly:
random_bytes()for bytes. Note that output may not be ASCII.random_int()for integers.
Password hashing and validation
Working with passwords includes two steps. Saving password hashes:
Validating password against the hash:
Encryption and decryption by password
Encrypting data:
Decrypting it:
Encryption and decryption by key
Encrypting data:
Decrypting it:
Data tampering prevention
MAC signing could be used in order to prevent data tampering. The $key should be present at both sending and receiving
sides. At the sending side:
At the receiving side:
Masking token length
Masking a token helps to mitigate BREACH attack by randomizing how token outputted on each request. A random mask applied to the token making the string always unique.
In order to mask a token:
In order to get original value from the masked one:
Native PHP functionality
Additionally to this library methods, there is a set of handy native PHP methods.
Timing attack resistant string comparison
Comparing strings as usual is not secure when dealing with user inputed passwords or key phrases. Usual string comparison return as soon as a difference between the strings is found so attacker could efficiently brute-force character by character going to the next one as soon as response time increases.
There is a special function in PHP that compares strings in a constant time:
Testing
Unit testing
The package is tested with PHPUnit. To run tests:
Mutation testing
The package tests are checked with Infection mutation framework. To run it:
Static analysis
The code is statically analyzed with Psalm. To run static analysis:
License
The Yii Security is free software. It is released under the terms of the BSD License.
Please see LICENSE for more information.
Maintained by Yii Software.
All versions of security with dependencies
ext-hash Version *
ext-openssl Version *
yiisoft/strings Version ^2.0