Hashing and encryption
When dealing with user information, it is essential to follow security best practices so that sensitive data such as passwords is stored in a form that does not expose users' plaintext passwords if your database is compromised. As shown in Chapter 3, Migrations, DAO, and Query Building, we are using the native PHP password_hash() and password_verify() functions to hash and verify our users' passwords. While these functions are easy to use, in the development of your application you may find it more convenient to use the Yii2 security component, which can hash user passwords and encrypt sensitive data:
Yii::$app->getSecurity();
Hashing and verifying passwords
With Yii2, we can hash and verify user passwords using the generatePasswordHash() and validatePassword() methods of the security component. Like the password_hash() and password_verify() functions, the generatePasswordHash() and validatePassword() methods...
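The following script is an added example, not code from the book, showing the two security-component methods described above in use. It assumes the yii2 package is installed through Composer and that the script sits in the project root (the vendor/autoload.php and vendor/yiisoft/yii2/Yii.php paths are assumptions). It instantiates yii\base\Security directly so it runs without a full application; inside a Yii2 application you would reach the same object through Yii::$app->getSecurity() as shown earlier. The helper functions and the sample password are constructed for illustration.

```php
<?php
// Added example: hashing and verifying a password with the Yii2 security
// component. Assumed paths (project root with a Composer vendor directory).
require __DIR__ . '/vendor/autoload.php';
require __DIR__ . '/vendor/yiisoft/yii2/Yii.php';

use yii\base\Security;

// Hypothetical helper standing in for the part of a User model that sets the
// password. Only the returned hash is ever persisted; the plaintext is dropped.
function storePassword(Security $security, string $plaintext): string
{
    // generatePasswordHash() wraps PHP's password_hash() (bcrypt by default).
    // The returned string embeds the algorithm, cost factor and a fresh salt,
    // so nothing else needs to be stored alongside it.
    return $security->generatePasswordHash($plaintext);
}

// Hypothetical helper standing in for a login check.
function checkLogin(Security $security, string $attempt, string $storedHash): bool
{
    // validatePassword() wraps password_verify(): it re-hashes the attempt with
    // the salt and cost embedded in $storedHash and compares the result.
    // Nothing is decrypted; a hash cannot be turned back into the password.
    return $security->validatePassword($attempt, $storedHash);
}

$security = new Security();

// Constructed sample input.
$password = 'correct horse battery staple';
$hash = storePassword($security, $password);

echo "stored hash: {$hash}\n";
echo 'exact password accepted: ' . var_export(checkLogin($security, $password, $hash), true) . "\n";
echo 'wrong case rejected:     ' . var_export(checkLogin($security, ucfirst($password), $hash), true) . "\n";

// Hashing the same password twice yields two different strings because each
// call draws a new salt. That is why hashes must be compared with
// validatePassword() and never with ===.
$secondHash = storePassword($security, $password);
echo 'second hash identical:   ' . var_export($hash === $secondHash, true) . "\n";
echo 'second hash still valid: ' . var_export(checkLogin($security, $password, $secondHash), true) . "\n";
```

In a real model you would call generatePasswordHash() from a setter such as setPassword() and store the result in the password_hash column, then call validatePassword() from the login form; the plaintext never needs to be written to the database.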