Decryption of CakePHP Encryption

Asked 2 years ago, Updated 2 years ago, 46 views

Encryption and decryption are not successful with CakePHP.
Please let me know if you know more.

$this_password=strval($this->data['password']);
$this->request->data['password'] = Security::cipher($this_password,PASS_SEC);
Register the above in the database.

Remove from database and do the following

php cakephp

2022-09-30 14:56

1 Answer

According to the CakePHP documentation, Security::cipher() uses "vulnerable XOR ciphers. Therefore, it should not be used for critical and sensitive data."

You seem to be dealing with passwords, but if it's your own authentication password, you should store irreversible hash values instead of encryption. It is also not enough to simply pass through a hash function, so it is recommended to use the PHP standard password_hash(). During authentication, instead of decrypting the value stored in the DB and comparing it to the password entered, as shown in the question, compare the result with the hash value stored in the DB through password_hash.

If you need to save your password in a recoverable format (for example, you need to save your password for authentication for other applications), cipher() is out of the question, and if you encrypt it with a fixed key, it's almost meaningless.

"How to create a secure web application to learn systematically" also provides instructions on authentication and password storage, so it is recommended that you read it.


2022-09-30 14:56
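
As an added example (not part of the original answer and not CakePHP's own code), here is the store-a-hash flow the answer recommends, in plain PHP: password_hash() at registration, password_verify() at login. The function names, the $users array standing in for the database and the sample passwords are assumptions made for illustration.

```php
<?php
// Added example: plain PHP, no CakePHP dependency.
// $users stands in for the database table (constructed sample data).

/** Build the value to store in the password column. */
function hashForStorage(string $plain): string
{
    // PASSWORD_DEFAULT selects PHP's current default algorithm and
    // generates a fresh random salt on every call.
    return password_hash($plain, PASSWORD_DEFAULT);
}

/**
 * Check a login attempt against the stored hash.
 * Returns [bool $ok, ?string $newHash]. $newHash is non-null when the
 * stored hash was made with an older algorithm or cost and should be
 * replaced in the database.
 */
function checkLogin(string $plain, string $storedHash): array
{
    // password_verify() reads the algorithm, cost and salt from the stored
    // hash and compares in constant time. Nothing is ever decrypted.
    if (!password_verify($plain, $storedHash)) {
        return [false, null];
    }
    $newHash = password_needs_rehash($storedHash, PASSWORD_DEFAULT)
        ? password_hash($plain, PASSWORD_DEFAULT)
        : null;
    return [true, $newHash];
}

// Registration: only the hash is saved, never the password itself.
$users = ['alice' => hashForStorage('correct horse battery staple')];

// The same password hashed again gives a different string (new salt),
// which is why verification goes through password_verify().
$again = hashForStorage('correct horse battery staple');
var_dump($users['alice'] === $again);

// Login with the right password, upgrading the stored hash if needed.
[$ok, $newHash] = checkLogin('correct horse battery staple', $users['alice']);
if ($newHash !== null) {
    $users['alice'] = $newHash;
}
var_dump($ok);

// Login with a wrong password is rejected.
[$bad] = checkLogin('wrong password', $users['alice']);
var_dump($bad);
```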



© 2024 OneMinuteCode. All rights reserved.