PRADO 3.0.6 : Vue détaillée de TSecurityManager.php

TSecurityManager class file

Author:	Qiang Xue <qiang.xue@gmail.com>
Copyright:	Copyright © 2005 PradoSoft
License:	http://www.pradosoft.com/license/
Version:	$Id: TSecurityManager.php 1397 2006-09-07 07:55:53Z wei $
Poids:	282 lignes (9 kb)
Inclus ou requis:	1 fois
Référencé:	0 fois
Nécessite:	0 fichiers

Définit 2 classes

TSecurityManager:: (15 méthodes):
  init()
  generateRandomKey()
  getValidationKey()
  setValidationKey()
  getEncryptionKey()
  setEncryptionKey()
  getValidation()
  setValidation()
  getEncryption()
  setEncryption()
  encrypt()
  decrypt()
  hashData()
  validateData()
  computeHMAC()

TSecurityManagerValidationMode:: (0 méthodes):

Classe: TSecurityManager - X-Ref

TSecurityManager class

TSecurityManager provides private keys, hashing and encryption
functionalities that may be used by other PRADO components,
such as viewstate persister, cookies.

TSecurityManager is mainly used to protect data from being tampered
and viewed. It can generate HMAC and encrypt the data.
The private key used to generate HMAC is set by {@link setValidationKey ValidationKey}.
The key used to encrypt data is specified by {@link setEncryptionKey EncryptionKey}.
If the above keys are not explicitly set, random keys will be generated
and used.

To prefix data with an HMAC, call {@link hashData()}.
To validate if data is tampered, call {@link validateData()}, which will
return the real data if it is not tampered.
The algorithm used to generated HMAC is specified by {@link setValidation Validation}.

To encrypt and decrypt data, call {@link encrypt()} and {@link decrypt()}
respectively. The encryption algorithm can be set by {@link setEncryption Encryption}.

Note, to use encryption, the PHP Mcrypt extension must be loaded.

init($config) X-Ref

Initializes the module.
The security module is registered with the application.

param: TXmlElement initial module configuration

generateRandomKey() X-Ref

Generates a random key.

getValidationKey() X-Ref

return: string the private key used to generate HMAC.

setValidationKey($value) X-Ref

param: string the key used to generate HMAC

getEncryptionKey() X-Ref

return: string the private key used to encrypt/decrypt data.

setEncryptionKey($value) X-Ref

param: string the key used to encrypt/decrypt data.

getValidation() X-Ref

return: TSecurityManagerValidationMode hashing algorithm used to generate HMAC. Defaults to TSecurityManagerValidationMode::SHA1.

setValidation($value) X-Ref

param: TSecurityManagerValidationMode hashing algorithm used to generate HMAC.

getEncryption() X-Ref

return: string the algorithm used to encrypt/decrypt data. Defaults to '3DES'.

setEncryption($value) X-Ref

encrypt($data) X-Ref

Encrypts data with {@link getEncryptionKey EncryptionKey}.

param: string data to be encrypted.
return: string the encrypted data

decrypt($data) X-Ref

Decrypts data with {@link getEncryptionKey EncryptionKey}.

param: string data to be decrypted.
return: string the decrypted data

hashData($data) X-Ref

Prefixes data with an HMAC.

param: string data to be hashed.
return: string data prefixed with HMAC

validateData($data) X-Ref

Validates if data is tampered.

param: string data to be validated. The data must be previously
return: string the real data with HMAC stripped off. False if the data

computeHMAC($data) X-Ref

Computes the HMAC for the data with {@link getValidationKey ValidationKey}.

param: string data to be generated HMAC
return: string the HMAC for the data

Classe: TSecurityManagerValidationMode - X-Ref

TSecurityManagerValidationMode class.
TSecurityManagerValidationMode defines the enumerable type for the possible validation modes
that can be used by {@link TSecurityManager}.

The following enumerable values are defined:
- MD5: an MD5 hash is generated from the data and used for validation.
- SHA1: an SHA1 hash is generated from the data and used for validation.

Code source de PRADO 3.0.6

/framework/Security/ -> TSecurityManager.php (sommaire)

Définit 2 classes