From 4a2918a33c756ac7cc9defc2e6acd371e4412af6 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Wed, 5 Feb 2014 01:03:46 +0200 Subject: Integrate CI_Encryption into the framework TODO: Add documentation in user_guide_src/source/libraries/encryption.rst --- user_guide_src/source/installation/upgrade_200.rst | 6 +++--- user_guide_src/source/installation/upgrade_300.rst | 19 ++++++++++++++++++- 2 files changed, 21 insertions(+), 4 deletions(-) (limited to 'user_guide_src/source/installation') diff --git a/user_guide_src/source/installation/upgrade_200.rst b/user_guide_src/source/installation/upgrade_200.rst index 29f44bd9e..948b1bc58 100644 --- a/user_guide_src/source/installation/upgrade_200.rst +++ b/user_guide_src/source/installation/upgrade_200.rst @@ -50,11 +50,11 @@ to :: Step 4: Update stored encrypted data ==================================== -.. note:: If your application does not use the Encryption library, does +.. note:: If your application does not use the Encrypt library, does not store Encrypted data permanently, or is on an environment that does not support Mcrypt, you may skip this step. -The Encryption library has had a number of improvements, some for +The Encrypt library has had a number of improvements, some for encryption strength and some for performance, that has an unavoidable consequence of making it no longer possible to decode encrypted data produced by the original version of this library. To help with the @@ -65,7 +65,7 @@ replace stale encrypted data with fresh in your applications, either on the fly or en masse. Please read `how to use this -method <../libraries/encryption.html#legacy>`_ in the Encryption library +method <../libraries/encrypt.html#legacy>`_ in the Encrypt library documentation. Step 5: Remove loading calls for the compatibility helper. diff --git a/user_guide_src/source/installation/upgrade_300.rst b/user_guide_src/source/installation/upgrade_300.rst index 88bb11178..94385978e 100644 --- a/user_guide_src/source/installation/upgrade_300.rst +++ b/user_guide_src/source/installation/upgrade_300.rst @@ -318,7 +318,7 @@ The SHA1 library The previously deprecated SHA1 library has been removed, alter your code to use PHP's native ``sha1()`` function to generate a SHA1 hash. -Additionally, the ``sha1()`` method in the :doc:`Encryption Library <../libraries/encryption>` has been removed. +Additionally, the ``sha1()`` method in the :doc:`Encrypt Library <../libraries/encrypt>` has been removed. The EXT constant ================ @@ -333,6 +333,23 @@ Smiley helper js_insert_smiley() :doc:`Smiley Helper <../helpers/smiley_helper>` function ``js_insert_smiley()`` has been deprecated since CodeIgniter 1.7.2 and is now removed. You'll need to switch to ``smiley_js()`` instead. +The Encrypt library +=================== + +Following numerous vulnerability reports, the :doc:`Encrypt Library <../libraries/encrypt>` has +been deprecated and a new, :doc:`Encryption Library <../libraries/encryption>` is added to take +its place. + +The new library requires either the `MCrypt extension `_ or PHP 5.3.3 and +the `OpenSSL extension `_. While this might be rather inconvenient, it is +a requirement that allows us to have properly implemented cryptographic functions. + +.. note:: The :doc:`Encrypt Library <../libraries/encrypt>` is still available for the purpose + of keeping backwards compatibility. + +.. important:: You are strongly encouraged to switch to the new :doc:`Encryption Library + <../libraries/encryption>` as soon as possible! + Database drivers 'mysql', 'sqlite', 'mssql', 'pdo/dblib' ======================================================== -- cgit v1.2.3-24-g4f1b