From 64460d53968818be036b15fc9ba005355a0decef Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Thu, 2 Jul 2015 11:41:19 +0200 Subject: [PATCH 1/2] Added a tip about hashing the result of nextBytes() --- components/security/secure_tools.rst | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/components/security/secure_tools.rst b/components/security/secure_tools.rst index 2ee5a98b920..c0e6965efb9 100644 --- a/components/security/secure_tools.rst +++ b/components/security/secure_tools.rst @@ -54,7 +54,14 @@ to work correctly. Just pass a file name to enable it:: .. note:: - If you're using the Symfony Framework, you can access a secure random - instance directly from the container: its name is ``security.secure_random``. + If you're using the Symfony Framework, you can get a secure random number + generator via the ``security.secure_random`` service. + +.. tip:: + + The ``nextBytes()`` method returns a binary string which may contain the + ``\0`` character. If you store this value in a database or include it as + part of the URL, make sure to hash the value returned by ``nextBytes()`` + (to do that, you can use a simple ``md5()`` PHP function). .. _`Timing attack`: http://en.wikipedia.org/wiki/Timing_attack From 1a4b5fab1992c931ca271d53a16e9836e1b46dce Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Fri, 10 Jul 2015 13:19:25 +0200 Subject: [PATCH 2/2] Reword --- components/security/secure_tools.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/components/security/secure_tools.rst b/components/security/secure_tools.rst index c0e6965efb9..924b0795c29 100644 --- a/components/security/secure_tools.rst +++ b/components/security/secure_tools.rst 
@@ -60,8 +60,9 @@ to work correctly. Just pass a file name to enable it:: .. tip:: The ``nextBytes()`` method returns a binary string which may contain the - ``\0`` character. If you store this value in a database or include it as - part of the URL, make sure to hash the value returned by ``nextBytes()`` - (to do that, you can use a simple ``md5()`` PHP function). + ``\0`` character. This can cause troubles in lots of common scenarios, such + as storing this value in a database or including it as part of the URL. The + solution is to hash the value returned by ``nextBytes()`` (to do that, you + can use a simple ``md5()`` PHP function). .. _`Timing attack`: http://en.wikipedia.org/wiki/Timing_attack
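Review bot: in the new ``.. tip::`` block of the first commit (``[PATCH 1/2]``), recommending ``md5()`` answers an encoding problem with a hash. The problem the tip describes is that the raw bytes from ``nextBytes()`` may contain ``\0`` and other characters that are unsafe in a database field or a URL; the fix for that is an encoding such as ``bin2hex()`` or ``base64_encode()``, which keeps every bit of the generated value, whereas ``md5()`` always yields a 128-bit digest, so any entropy beyond 16 bytes requested from ``nextBytes()`` is discarded, and readers may take the hashing step for a security measure rather than a formatting workaround. Suggest replacing the parenthetical with wording such as ``encode it with bin2hex() or base64_encode()`` and mentioning that the encoded string is longer than the raw bytes (hex doubles the length), so the column size or URL has to allow for it.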
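Review bot: the reworded tip in the second commit (``[PATCH 2/2]``) still presents hashing with ``md5()`` as "the solution", so the concern from the first commit carries over: a binary string containing ``\0`` calls for an encoding like ``bin2hex()``, not a digest that caps the stored value at 128 bits regardless of how many bytes were generated. Two wording points as well: ``This can cause troubles`` should read ``This can cause problems`` (``trouble`` is uncountable in this sense), and ``in lots of common scenarios`` is informal for reference documentation; ``in common scenarios`` is enough.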