问题描述
我想创建一个函数或类似Cron的东西,该东西执行带有密码的东西(在Laravel中).我有两个解决方案.但是哪个更好用:
I want to create a function or something like a Cron that executes a link (in Laravel), with something like a password. I've got two solutions. But which one is better to use:
选项1(哈希):
<?php
// Page 1
$salt = "my-random-hash";
$key = hash('sha256', date('Y-m-d').$salt);
// <-- Insert go to page and send GET with $key code here
// Page 2
$salt = "my-random-hash";
$key = hash('sha256', date('Y-m-d').$salt);
if ($key == $pageOneKey) {
// Execute some code
}
选项2(加密):
<?php
// Page 1
$key = Crypt::encrypt(date('Y-m-d'));
// <-- Insert go to page and send GET with $key code here
// Page 2
$key = date('Y-m-d');
$pageOneKey = Crypt::decrypt($key);
if ($key == $pageOneKey) {
// Execute some code
}
此代码已被广泛描述.使用更好的意思是更安全/更安全,或者是那样的tr.谢谢!
This code has been described broadly. With better to use i mean safer / more secure, or something in that trance. Thanks!
推荐答案
您的第二个选项不是bcrypt. Laravel的Crypt类使用AES加密.
如文档中 所述:
Your second option isn't bcrypt. Laravel's Crypt class uses AES encryption.
As stated in the documentation:
据我所知,您不需要解密数据就可以反转加密.因此,您绝对应该在第一个选项中使用像sha256这样的哈希算法.但是Laravel已经提供了一个很好的哈希类,所以为什么不使用它.
As far as I can tell you don't need to be able to decrypt the data, to reverse the encryption. Therefore you should definitely use a hashing algorithm like sha256 in your first option. However Laravel ships with a pretty good hashing class already so why not use that.
$hash = Hash::make('secret');
$input = 'secret';
if(Hash::check($input, $hash)){
// the input matches the secret
}
注意,您必须使用Hash::check()进行比较.您不能只使用Hash::make()创建另一个哈希并进行比较.生成的哈希包含一个随机成分,因此,即使它是相同的秘密,Hash::make()每次也会生成不同的哈希.
Note that you have to use Hash::check() for comparing. You can't just create another hash with Hash::make() and compare them. The generated hash contains a random component, so even if it's the same secret, Hash::make() will produce a different hash every time.
这篇关于laravel中的Bcrypt vs Hash的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!