Menu
In my Yii2 application I am using cookies to store a user referral code. The user knows what their referral code is and I was wondering if it is possible to derive the cookie validation key that is used to hash the string. Also, what would be the potential concerns if the cookie validation key was known?
Here is the link to the Yii2 guide portion on cookies if it helps give more context: http://www.yiiframework.com/doc-2.0/guide-runtime-sessions-cookies.html#cookies
205
By default Yii2 uses SHA-256 to hash those strings. It's pretty mush irreversible. So this is not a security leak.
If somebody had your cookie validation key, they could forge a cookie. That is the real threat, so keep your cookie validation key safe.
84
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
