Yii Framework Forum: More Securities Helpers In Yii2 - Yii Framework Forum


More Securities Helpers In Yii2

#1 User is offline   darkheir 

  • Junior Member
  • Group: Members
  • Posts: 66
  • Joined: 25-July 11

Posted 15 March 2013 - 08:59 AM

I was reading the Laravel 4 documentation and I saw some security stuff that would be great in Yii2:

  • A helper to create a secure hash in Yii. In Yii 1.x the user extensions have to handle it and we see some pretty bad stuff (unsalted md5/sha1). I think of something like
    Hash::generate($password);

    that'll create a bcrypt salted password.
    Hash::check($plainPassword, $hashedPassword)

    could be verifying the password.

  • A helper letting you reset the password. This is something really hard to do well and a lot of extensions are doing it the wrong way. This helper could generate the temporary random token and send it by mail to reset the password, and then check that the token is valid for the given email address and is not expired when the user changes his credentials.

My blog (in french) => http://blog.devsa.org
0
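The reset-token flow proposed in post #1 (random temporary token, bound to an email address, with an expiry), as an added example that is not part of the thread and is not Yii or Laravel code. The class name `PasswordResetTokens`, its methods, the one-hour lifetime and the in-memory array standing in for a database table are all assumptions; it requires PHP 7 or later for `random_bytes()`.

```php
<?php
// Added illustration, not framework code. PasswordResetTokens is a hypothetical
// name; the in-memory array stands in for a database table. Assumes PHP 7+.
final class PasswordResetTokens
{
    private $rows = []; // normalized email => ['hash' => ..., 'expires' => ...]
    const TTL = 3600;   // token lifetime in seconds (assumed value)

    // Returns the plaintext token to mail; only its SHA-256 digest is stored,
    // so a leaked table does not yield usable reset links.
    public function issue(string $email, int $now): string
    {
        $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
        $this->rows[strtolower($email)] = [
            'hash'    => hash('sha256', $token),
            'expires' => $now + self::TTL,
        ];
        return $token;
    }

    // True only for the issuing email, an unexpired token, and its first use.
    public function consume(string $email, string $token, int $now): bool
    {
        $key = strtolower($email);
        if (!isset($this->rows[$key])) {
            return false;
        }
        $row = $this->rows[$key];
        if ($now >= $row['expires']) {
            unset($this->rows[$key]); // expired: purge the record
            return false;
        }
        if (!hash_equals($row['hash'], hash('sha256', $token))) {
            return false; // digest mismatch (hash_equals compares in constant time)
        }
        unset($this->rows[$key]); // single use: a replayed link must fail
        return true;
    }
}

// Constructed demo with fixed clock values.
$store = new PasswordResetTokens();
$t = $store->issue('user@example.com', 1363338000);
var_dump(
    $store->consume('other@example.com', $t, 1363338060),     // wrong email
    $store->consume('user@example.com', 'guess', 1363338060), // wrong token
    $store->consume('user@example.com', $t, 1363338060),      // valid, first use
    $store->consume('user@example.com', $t, 1363338120)       // replay of a used token
);
```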

#2 User is offline   samdark 

  • Having fun
  • Group: Yii Dev Team
  • Posts: 3,607
  • Joined: 17-January 09
  • Location:Russia

Posted 15 March 2013 - 09:52 AM

1. Already in master: https://github.com/y...swordHelper.php
2. Will consider.
Yii 1.1 Application Development Cookbook

Enjoying Yii? Star us at github: 1.1 and 2.0.
0

#3 User is offline   darkheir 

  • Junior Member
  • Group: Members
  • Posts: 66
  • Joined: 25-July 11

Posted 15 March 2013 - 11:39 AM

Thanks for your answer!

For the first, I wasn't finding anything about it in the Yii class reference, but then I saw it's in Yii since 1.1.14, so it hasn't been released as stable yet! I think it's a great addition to the framework!
0

#4 User is offline   samdark 

  • Having fun
  • Group: Yii Dev Team
  • Posts: 3,607
  • Joined: 17-January 09
  • Location:Russia

Posted 15 March 2013 - 12:44 PM

It certainly is.
0

#5 User is offline   Onman 

  • Standard Member
  • Group: Members
  • Posts: 175
  • Joined: 26-December 09
  • Location:The Netherlands

Posted 15 March 2013 - 05:52 PM

samdark, on 15 March 2013 - 09:52 AM, said:



Wouldn't it be better to change this class to an application component or a component class that needs to be instantiated? This way it can check for the crypt() and blowfish stuff when it is instantiated instead of checking it in each method.
2

#6 User is offline   antoncpu 

  • Junior Member
  • Group: Members
  • Posts: 24
  • Joined: 13-February 12

Posted 16 March 2013 - 03:43 AM

Onman +1.

Also it may be useful to have an abstraction or an interface for things related to the password protection.
1

#7 User is offline   darkheir 

  • Junior Member
  • Group: Members
  • Posts: 66
  • Joined: 25-July 11

Posted 16 March 2013 - 04:12 AM

I don't know about instantiating the class. True, it's better when you need to perform checkBlowfish(), but when you don't, it's useless to have a non-static class for hash calculation. For the interface, I agree Yii should provide a password interface letting people define their own way to store passwords.
0

#8 User is offline   Psih 

  • Standard Member
  • Group: Members
  • Posts: 114
  • Joined: 30-June 10

Posted 16 March 2013 - 08:20 AM

samdark, on 15 March 2013 - 09:52 AM, said:

1. Already in master: https://github.com/y...swordHelper.php
2. Will consider.

It's a shame this will not be supported out of the box :(
http://lv.php.net/ma...ef.password.php
0

#9 User is offline   samdark 

  • Having fun
  • Group: Yii Dev Team
  • Posts: 3,607
  • Joined: 17-January 09
  • Location:Russia

Posted 16 March 2013 - 06:24 PM

PHP 5 >= 5.5.0
0
