Class **Phalcon\\Security** =========================== *implements* :doc:`Phalcon\\Di\\InjectionAwareInterface ` This component provides a set of functions to improve the security in Phalcon applications .. code-block:: php request->getPost('login'); $password = $this->request->getPost('password'); $user = Users::findFirstByLogin($login); if ($user) { if ($this->security->checkHash($password, $user->password)) { //The password is valid } } Methods ------- public **setWorkFactor** (*unknown* $workFactor) ... public **getWorkFactor** () ... public **setDI** (:doc:`Phalcon\\DiInterface ` $dependencyInjector) Sets the dependency injector public :doc:`Phalcon\\DiInterface ` **getDI** () Returns the internal dependency injector public **setRandomBytes** (*unknown* $randomBytes) Sets a number of bytes to be generated by the openssl pseudo random generator public *string* **getRandomBytes** () Returns a number of bytes to be generated by the openssl pseudo random generator public *string* **getSaltBytes** () Generate a >22-length pseudo random string to be used as salt for passwords public *string* **hash** (*unknown* $password, [*unknown* $workFactor]) Creates a password hash using bcrypt with a pseudo random salt public *boolean* **checkHash** (*unknown* $password, *unknown* $passwordHash, [*unknown* $maxPassLength]) Checks a plain text password and its hash version to check if the password matches public *boolean* **isLegacyHash** (*unknown* $password, *unknown* $passwordHash) Checks if a password hash is a valid bcrypt's hash public *string* **getTokenKey** ([*unknown* $numberBytes]) Generates a pseudo random token key to be used as input's name in a CSRF check public *string* **getToken** ([*unknown* $numberBytes]) Generates a pseudo random token value to be used as input's value in a CSRF check public *boolean* **checkToken** ([*unknown* $tokenKey], [*unknown* $tokenValue]) Check if the CSRF token sent in the request is the same that the current in session public *string* **getSessionToken** () Returns the value of the CSRF token in session public **computeHmac** (*unknown* $data, *unknown* $key, *unknown* $algo, [*unknown* $raw]) string \\Phalcon\\Security::computeHmac(string $data, string $key, string $algo, bool $raw = false)