From 06e7ba66c92e12cad5c9f97ae3000612326c2e05 Mon Sep 17 00:00:00 2001
From: mark_story
Date: Mon, 6 May 2013 23:03:20 -0400
Subject: [PATCH] Update docs for Security::cipher()

This method is not cryptographically strong. Note that, and the issues related to suhosin. Related to #GH-1100
---
 lib/Cake/Utility/Security.php | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/Cake/Utility/Security.php b/lib/Cake/Utility/Security.php
index 390819f93..57d0e0af8 100644
--- a/lib/Cake/Utility/Security.php
+++ b/lib/Cake/Utility/Security.php
@@ -168,11 +168,19 @@ class Security {
 }
 
 /**
- * Encrypts/Decrypts a text using the given key.
+ * Runs $text through a XOR cipher.
+ *
+ * *Note* This is not a cryptographically strong method and should not be used
+ * for sensitive data. Additionally this method does *not* work in environments
+ * where suhosin is enabled.
+ *
+ * Instead you should use Security::rijndael() when you need strong
+ * encryption.
  *
  * @param string $text Encrypted string to decrypt, normal string to encrypt
  * @param string $key Key to use
  * @return string Encrypted/Decrypted string
+ * @deprecated This method will be removed in 3.x
  */
 public static function cipher($text, $key) {
 if (empty($key)) {
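Review bot: The unchanged `@param` and `@return` lines still describe the output as "Encrypted", which undercuts the new warning that cipher() is only a XOR cipher, so a reader skimming the tags can still take it for confidentiality protection. I would reword them, e.g. `@return string XOR-obfuscated string (not confidential, not tamper-evident)`, and have the deprecation tag name the replacement: `@deprecated Use Security::rijndael() instead; will be removed in 3.x`. The suhosin sentence gives no reason, so a maintainer cannot tell which setting breaks the method; one clause saying why would help. The deprecation is documentation-only as far as this hunk shows, and cipher()'s body continues outside the hunk, so whether callers get any runtime notice is not visible here.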