-
Notifications
You must be signed in to change notification settings - Fork 327
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[WIP] Use external libraries for encrypt #698
base: 3.4/develop
Are you sure you want to change the base?
Conversation
We are encouraging the use of external, well-maintained libraries.
Each driver should have its own testcase to assert objects are well configured.
8d47686
to
43646f6
Compare
I'll have a proper look tomorrow/friday but from a quick skim this looks reasonable, thanks for the work. I'd keep the method names the same - we're already pushing a chunk of breaking change and I don't think there's a huge benefit to renaming. I would suggest removing the ability to encrypt from Encrypt_Legacy altogether. It could either not have the End users who really don't care about security can always reimplement an |
Thanks @acoulton for the quick review. I will resume work once you have a deeper look into this.
Alright.
I suggest that we take a softer approach by raising an error within trigger_error('Legacy driver is not considered secure anymore. Use Defuse driver instead.', E_USER_WARNING); Users need to silence it manually with Thanks. |
This is a work-in-progress PR to remove crypto ops from the Kohana
Encrypt
class and instead interface it with external libraries.Related to #686
Changes so far:
defuse/php-encryption
Encrypt::instance()->encrypt($plaintext);
encode/decode
becameencrypt/decrypt
but this can be reverted backKohana_Crypto
interface and should name their classes in the formatEncrypt_Drivername
Encrypt
is still there, marked as deprecated, namedEncrypt_Legacy
to facilitate migration of dataThis is still work in progress, but I wish I'd have a feedback sooner to adjust accordingly. I'd rebase/squash some commits when done.
Thank you for reviewing.
Cheers!