在nodejs中对散列字符串进行Websafe编码 [英] Websafe encoding of hashed string in nodejs
问题描述
我正在创建nodejs中的各种重新导演。我有一些值,比如
userid // superid
这些我想散列以防止用户检索网址并伪造别人的网址以及base64编码以最小化创建的网址的长度。
http:/ /myurl.com/~hashedtoken
其中un-hashed hashtoken可能是这样的
55q322q23
55 = userid
<我考虑过像这样使用加密库:
crypto.createHash('md5')。update(55q322q23) .digest( BASE64);
返回:u / mxNJQaSs2HYJ5wirEZOQ ==
这里的问题是我有/这不被认为是网络安全的,所以我想从某种方式去掉base64字母列表中的不安全字母。有关此问题的任何想法或者可能是对手头问题的更好解决方案吗?
您可以使用所谓的 URL Base64的安全变体。 RFC 4648中描述的最常见变体使用 -
和 _
而不是 +
和 /
分别省略填充字符( =
)。
Base64的大多数实现也支持这个URL安全变体,但是如果你没有,那么手动操作就很容易了。
I am creating a re-director of sorts in nodejs. I have a few values like userid // superid
these I would like to hash to prevent users from retrieving the url and faking someone else's url and also base64 encode to minimize the length of the url created.
http://myurl.com/~hashedtoken where un-hashed hashtoken could be something like this 55q322q23 55 = userid
I thought about using crypto library like so:
crypto.createHash('md5').update("55q322q23").digest("base64");
which returns: u/mxNJQaSs2HYJ5wirEZOQ== The problem here is that I have the / which is not considered websafe so I would like to strip the un-safe letters from the base64 list of letters, somehow. Any ideas about this or perhaps a better solution to the problem at hand?
You could use a so called URL safe variant of Base64. The most common variant, described in RFC 4648, uses -
and _
instead of +
and /
respectively, and omits padding characters (=
).
Most implementations of Base64 support this URL safe variant too, though if yours doesn't, it's easy enough to do manually.
这篇关于在nodejs中对散列字符串进行Websafe编码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!