Commit64460d5

committed

Added a tip about hashing the result of nextBytes()

1 parent9cf3b1e commit64460d5Copy full SHA for 64460d5

File tree

-2

lines changed

-2

lines changed

Lines changed: 9 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,14 @@ to work correctly. Just pass a file name to enable it::`
`54`	`54`
`55`	`55`	`..note::`
`56`	`56`
`57`		`- If you're using the Symfony Framework, you can access a secure random`
`58`		- instance directly from the container: its name is ``security.secure_random``.
	`57`	`+ If you're using the Symfony Framework, you can get a secure random number`
	`58`	+ generator via the ``security.secure_random`` service.
	`59`	`+`
	`60`	`+..tip::`
	`61`	`+`
	`62`	+ The ``nextBytes()`` method returns a binary string which may contain the
	`63`	+ ``\0`` character. If you store this value in a database or include it as
	`64`	+ part of the URL, make sure to hash the value returned by ``nextBytes()``
	`65`	+ (to do that, you can use a simple ``md5()`` PHP function).
`59`	`66`
`60`	`67`	.. _`Timing attack`:http://en.wikipedia.org/wiki/Timing_attack

Comments

(0)