CryptoWrapper¶
-
class
OC\Session\CryptoWrapper¶ - Class CryptoWrapper provides some rough basic level of additional security bystoring the session data in an encrypted form.The content of the session is encrypted using another cookie sent by the browser.One should note that an adversary with access to the source code or the systemmemory is still able to read the original session ID from the users’ request.This thus can not be considered a strong security measure one should considerit as an additional small security obfuscation layer to comply with complianceguidelines.TODO: Remove this in a future release with an approach such as
Source: lib/private/Session/CryptoWrapper.php#51
Constants¶
-
COOKIE_NAME = oc_sessionPassphrase Source: lib/private/Session/CryptoWrapper.php#52
Properties¶
-
protected static property
OC\Session\CryptoWrapper::$config¶ Source: lib/private/Session/CryptoWrapper.php#55 Type: \OCP\IConfig
-
protected static property
OC\Session\CryptoWrapper::$session¶ Source: lib/private/Session/CryptoWrapper.php#57 Type: \OCP\ISession
-
protected static property
OC\Session\CryptoWrapper::$crypto¶ Source: lib/private/Session/CryptoWrapper.php#59 Type: \OCP\Security\ICrypto
-
protected static property
OC\Session\CryptoWrapper::$random¶ Source: lib/private/Session/CryptoWrapper.php#61 Type: \OCP\Security\ISecureRandom
-
protected static property
OC\Session\CryptoWrapper::$passphrase¶ Source: lib/private/Session/CryptoWrapper.php#63 Type: string
Methods¶
-
public
OC\Session\CryptoWrapper::__construct($config, $crypto, $random, $request)¶ Source: Parameters: - $config (
OCP\IConfig) - $crypto (
OCP\Security\ICrypto) - $random (
OCP\Security\ISecureRandom) - $request (
OCP\IRequest)
- $config (
-
public
OC\Session\CryptoWrapper::wrapSession($session)¶ Source: Parameters: - $session (
OCP\ISession)
Returns: - $session (