feature #5472 Added a tip about hashing the result of nextBytes() (ja… · symfony/symfony-docs@c520e77 · GitHub

Commit c520e77

feature #5472 Added a tip about hashing the result of nextBytes() (javiereguiluz)
This PR was merged into the 2.3 branch.

Discussion
----------

Added a tip about hashing the result of nextBytes()

| Q             | A
| ------------- | ---
| Doc fix?      | no
| New docs?     | yes
| Applies to    | all
| Fixed tickets | #4328

Commits
-------

1a4b5fa Reword
64460d5 Added a tip about hashing the result of nextBytes()
2 parents f7ccb0c + 1a4b5fa commit c520e77

1 file changed: +10 -2 lines changed

components/security/secure_tools.rst

Lines changed: 10 additions & 2 deletions
@@ -54,7 +54,15 @@ to work correctly. Just pass a file name to enable it::
5454

5555
.. note::
5656

57-
If you're using the Symfony Framework, you can access a secure random
58-
instance directly from the container: its name is ``security.secure_random``.
57+
If you're using the Symfony Framework, you can get a secure random number
58+
generator via the ``security.secure_random`` service.
59+
60+
.. tip::
61+
62+
The ``nextBytes()`` method returns a binary string which may contain the
63+
``\0`` character. This can cause troubles in lots of common scenarios, such
64+
as storing this value in a database or including it as part of the URL. The
65+
solution is to hash the value returned by ``nextBytes()`` (to do that, you
66+
can use a simple ``md5()`` PHP function).
5967

6068
.. _`Timing attack`: http://en.wikipedia.org/wiki/Timing_attack
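
Review bot: The new ``.. tip::`` (added lines 62-66) describes an encoding problem but prescribes a hash, and ``md5()`` is a poor choice for it. The digest is always 128 bits, so the token's randomness is capped at that however many bytes were requested from ``nextBytes()``, and naming ``md5()`` in security documentation invites readers to reuse it where a collision-resistant hash is required. Suggest recommending an encoding instead, such as ``bin2hex()`` or ``base64_encode()`` (with ``+`` and ``/`` replaced when the value goes into a URL), which removes the ``\0`` problem while keeping all of the generated bytes; if a hash is kept, ``hash('sha256', ...)`` would be the safer example. Minor wording point on added line 63: "cause troubles" should read "cause trouble".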
