Class TSecurityManager
TSecurityManager class
TSecurityManager provides private keys, hashing and encryption functionalities that may be used by other PRADO components, such as viewstate persister, cookies.
TSecurityManager is mainly used to protect data from being tampered and viewed. It can generate HMAC and encrypt the data. The private key used to generate HMAC is set by setValidationKey ValidationKey. The key used to encrypt data is specified by setEncryptionKey EncryptionKey. If the above keys are not explicitly set, random keys will be generated and used.
To prefix data with an HMAC, call TSecurityManager::hashData()
. To validate if data is
tampered, call TSecurityManager::validateData()
, which will return the real data if it is
not tampered. The algorithm used to generated HMAC is specified by setValidation Validation.
To encrypt and decrypt data, call TSecurityManager::encrypt()
and TSecurityManager::decrypt()
respectively. The encryption algorithm can be set by setEncryption
Encryption.
Note, to use encryption, the PHP Mcrypt extension must be loaded.
- TComponent
-
TApplicationComponent
-
TModule implements IModule
-
TSecurityManager
Copyright: Copyright © 2005-2014 PradoSoft
License: http://www.pradosoft.com/license/
Author: Qiang Xue <qiang.xue@gmail.com>
Since: 3.0
Located at Security/TSecurityManager.php
public
|
#
init(
Initializes the module. The security module is registered with the application. |
protected
|
|
public
string
|
|
public
|
|
public
string
|
|
public
|
|
public
string
|
#
getValidation( )
This method has been deprecated since version 3.2.1. Please use |
public
string
|
|
public
|
#
setValidation(
This method has been deprecated since version 3.2.1. Please use |
public
|
|
public
string
|
#
getEncryption( )
This method has been deprecated since version 3.2.1. Please use |
public
|
#
setEncryption( string $value )
This method has been deprecated since version 3.2.1. Please use |
public
mixed
|
|
public
|
#
setCryptAlgorithm( mixed $value )
Sets the crypt algorithm (also known as cipher or cypher) that will be used
for |
public
string
|
|
public
string
|
|
protected
resource
|
|
public
string
|
|
public
string
|
|
protected
string
|
getID(),
setID()
|
getApplication(),
getRequest(),
getResponse(),
getService(),
getSession(),
getUser(),
publishAsset(),
publishFilePath()
|
string |
STATE_VALIDATION_KEY |
'prado:securitymanager:validationkey' |
|
string |
STATE_ENCRYPTION_KEY |
'prado:securitymanager:encryptionkey' |
GLOBAL_RAISE_EVENT_LISTENER
|