PHP Class lithium\storage\session\strategy\Hmac

Example configuration: Session::config(array('default' => array( 'adapter' => 'Cookie', 'strategies' => array('Hmac' => array('secret' => 'foobar')) ))); This will configure the HMAC strategy to be used for all Session operations with the default named configuration. A hash-based message authentication code (HMAC) will be calculated for all data stored in your cookies, and will be compared to the signature stored in your cookie data. If the two do not match, then your data has been tampered with (or you have modified the data directly _without_ passing through the Session class, which amounts to the same), then a catchable RuntimeException is thrown. Please note that this strategy is very finnicky, and is so by design. If you attempt to access or modify the stored data in any way other than through the Session class configured with the Hmac strategy with the properly configured secret, then it will probably blow up.
See link: Wikipedia: Hash-based Message Authentication Code
Inheritance: extends lithium\core\Object
Afficher le fichier Open project: unionofrad/lithium

Protected Properties

Свойство Type Description
$_secret The HMAC secret.

Méthodes publiques

Méthode Description
__construct ( array $config = [] ) : void Constructor.
delete ( mixed $data, array $options = [] ) : array Delete strategy method.
read ( array $data, array $options = [] ) : array Read strategy method.
write ( mixed $data, array $options = [] ) : array Write strategy method.

Méthodes protégées

Méthode Description
_signature ( mixed $data, null | string $secret = null ) : string Calculate the HMAC signature based on the data and a secret key.

Method Details

__construct() public méthode

Constructor.
public __construct ( array $config = [] ) : void
$config array Configuration array. Will throw an exception if the 'secret' configuration key is not set.
Résultat void

_signature() protected static méthode

Calculate the HMAC signature based on the data and a secret key.
protected static _signature ( mixed $data, null | string $secret = null ) : string
$data mixed
$secret null | string Secret key for HMAC signature creation.
Résultat string HMAC signature.

delete() public méthode

Delete strategy method.
See also: lithium\storage\Session
See also: lithium\core\Adaptable::config()
See link: PHP Manual: hash_hmac()
public delete ( mixed $data, array $options = [] ) : array
$data mixed The data to be signed.
$options array Options for this method.
Résultat array Data & signature.

read() public méthode

Validates the HMAC signature of the stored data. If the signatures match, then the data is safe and will be passed through as-is. If the stored data being read does not contain a __signature field, a MissingSignatureException is thrown. When catching this exception, you may choose to handle it by either writing out a signature (e.g. in cases where you know that no pre-existing signature may exist), or you can blackhole it as a possible tampering attempt.
public read ( array $data, array $options = [] ) : array
$data array The data being read.
$options array Options for this method.
Résultat array Validated data.

write() public méthode

Adds an HMAC signature to the data. Note that this will transform the passed $data to an array, and add a __signature key with the HMAC-calculated value.
See also: lithium\storage\Session
See also: lithium\core\Adaptable::config()
See link: PHP Manual: hash_hmac()
public write ( mixed $data, array $options = [] ) : array
$data mixed The data to be signed.
$options array Options for this method.
Résultat array Data & signature.

Property Details

$_secret protected_oe static_oe property

The HMAC secret.
protected static $_secret