本文介绍了Rails中签名和加密的cookie有什么区别?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧! 问题描述 限时删除!! ActionDispatch :: Cookies 的文档对已签名的Cookie和加密的Cookie进行了几乎相同的描述。似乎两者都使用 secrets.secret_key_base 来防止客户端篡改。 http://api.rubyonrails.org/classes/ActionDispatch/Cookies.htmlThe documentation of ActionDispatch::Cookies gives nearly identical descriptions for both signed cookies and encrypted cookies. It appears that both use secrets.secret_key_base to prevent client-side tampering. http://api.rubyonrails.org/classes/ActionDispatch/Cookies.html $ b来读取$ bcookies.signed[:user_id] = current_user.id 加密的cookieEncrypted cookies $ b来读取$ bcookies.encrypted[:discount] = 45 我的问题是:两者之间有什么区别?My question is: What is the difference between the two?您何时想在另一个上使用一个?When would you want to use one over the other?推荐答案这很微妙,但是答案在您提供的文档中。签名的cookie只能防止篡改,而加密的cookie可以防止读取和篡改。It's subtle, but the answer is in the documentation you provided. Signed cookies only guard against tampering, while encrypted cookies guard against reading and tampering.更具体地说,签名的cookie调用 ActiveSupport :: MessageVerifier 将摘要(使用 secret_key_base 生成)附加到Cookie。如果cookie的值被修改,则摘要将不再匹配,并且在不知道 secret_key_base 的值的情况下,无法对cookie进行签名。 Cookie的值仅是base64编码的,并且任何人都可以读取。More specifically, signed cookies call ActiveSupport::MessageVerifier to append a digest (generated using secret_key_base) to the cookie. If the value of the cookie is modified, the digest will no longer match, and without knowing the value of secret_key_base, the cookie cannot be signed. The value of the cookie is merely base64 encoded, however, and can be read by anyone.名为 ActiveSupport :: MessageEncryptor 在生成摘要之前实际加密cookie的值。与签名的Cookie相似,如果修改了Cookie的值,摘要将不再匹配,但是如果没有 secret_key_base ,则无法解密cookie的值。Encrypted cookies called ActiveSupport::MessageEncryptor to actually encrypt the value of the cookie before generating the digest. Similar to signed cookies, if the value of cookie is modified the digest will no longer match, but additionally the value of the cookie cannot be decrypted without the secret_key_base.关于何时使用加密的Cookie和签名的Cookie,这取决于您存储在Cookie中的信息的敏感性。如果您只想防止有人修改Cookie,则对其进行签名-但是如果您还需要保密数据,请对其加密。As to when you'd use encrypted versus signed cookies, it comes down to the sensitivity of the information you're storing in the cookie. If all you want to protect against is someone modifying the cookie, then sign it - but if you also need to keep the data secret, encrypt it. 这篇关于Rails中签名和加密的cookie有什么区别?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持! 1403页,肝出来的.. 09-06 16:04