P.I.E. Security Team

icon indicating a website link https://paragonie.com/security

icon company Paragon Initiative Enterprises

Results 53 comments of P.I.E. Security Team

Added Spring Boot in Practice by Somnath Musib

You still haven't created the JSON file.

Why not using libsodium for Constant-time Base64?

Correct. This is a pure-PHP implementation, but libsodium's is faster and you should prefer that over ours. Note: We might want to update our code to just use libsodium's if...

Archive Repository?

We're going to be updating the PHP extension soon to add another feature. I'll make a note to audit the feature offerings to ensure it has everything from PECL. (It...

Add support for 'require-trusted-types-for' policy

This is still marked as experimental: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/require-trusted-types-for

setAttribute not working

Please let us know if you're still having problems.

Why that and not just rand() func for random integers?

Because `rand()` is insecure.

Deprecate `v3.public.`

We aren't going to deprecate `v3.public.` until the CNSA permits Ed25519.

"mbstring.func_overload" and "MB_OVERLOAD_STRING" removal from php8

This polyfill doesn't do anything > PHP 7. Set your requirements string to `>= 2` and Composer should deliver a 9.99.99 version on PHP 8.

DECODE V3 PASETO TOKEN

Yes: The table at the top of the page lists the implementations with v3 and/or v4 support: https://paseto.io

Required JSON field name was missing at depth 0 on encryptJSON() in strict mode

There are a couple of limitations with the current JSON field design: 1. The ability to add blind indexes on arbitrary JSON fields (or even compound indexes on the same...