diff --git a/components/security/secure_tools.rst b/components/security/secure_tools.rst
index 2ee5a98b920..924b0795c29 100644
--- a/components/security/secure_tools.rst
+++ b/components/security/secure_tools.rst
@@ -54,7 +54,15 @@ to work correctly. Just pass a file name to enable it::
.. note::
- If you're using the Symfony Framework, you can access a secure random
- instance directly from the container: its name is ``security.secure_random``.
+ If you're using the Symfony Framework, you can get a secure random number
+ generator via the ``security.secure_random`` service.
+
+.. tip::
+
+ The ``nextBytes()`` method returns a binary string which may contain the
+ ``\0`` character. This can cause troubles in lots of common scenarios, such
+ as storing this value in a database or including it as part of the URL. The
+ solution is to hash the value returned by ``nextBytes()`` (to do that, you
+ can use a simple ``md5()`` PHP function).
.. _`Timing attack`: http://en.wikipedia.org/wiki/Timing_attack
pFad - Phonifier reborn
Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.
Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.
Alternative Proxies:
Alternative Proxy
pFad Proxy
pFad v3 Proxy
pFad v4 Proxy