Secure unsubscribe link - How much encryption is enough?

Problem description

My users can subscribe to threads that send them an email with a simple unsubscribe link. This link contains an encrypted subscribeid and a verifying userid via this process:

// generate iv and create encrypted data
$iv = openssl_random_pseudo_bytes(16);
$encrypted = openssl_encrypt($data, 'AES-128-CBC', ENCRYPTION_KEY, 0, $iv);

// send the iv along with the encrypted text
$ciphertext = $iv . $encrypted;

// generate a hash which can verify the data has not changed
$hash = hash_hmac('sha1', $ciphertext, ENCRYPTION_KEY);

// encode the data for email link
$encoded = urlencode(base64_encode($hash . $ciphertext));

This generates a string like:

www.site.com?id=YzU4MzAzMjljZWUyYmNmY2JmNjE5MGE0YzVhNDUzZjI0YmJmZWI3YoyqdFj6dxA/OVJOw2UN7HErYVV5dmhUVEJzVHBsUGd3aDNHbjVYbmFMa0dhUFczSmpXWnFBN0FyVGxkVml3S041VlhsSXd6TitJYld5QmdhWEFkL3hYSDFiRWdzN0wvNjFXYURiYlNreXpLQ1ZqWnhHMmdCSlZGaUVxU3ZGY3I3RW9GZkJYN3l4Vkp3YmJicg

On the server end, I verify the data and hash and verify the subscribeid is valid for the userid contained in the data and then mark the subscribe record expired.

I developed this encryption for temporary logins (logins with an expiration date) but is a 250 character string overkill for a simple unsubscribe link? The main issues seem to be that it is unsightly in urls and plain text emails. It also has the risk of the link being broken in plain text email clients.

If this were to be hacked, the most that is at risk are the subscribe records being marked as expired. Should I worry about overkill (or anything else)? Is there a simpler but still secure method? I am a noob with encryption. The basic question is how much is enough?

Recommended answer

A simpler method is a random string of a specific length (e.g. 30 chars) stored in a table with a unique constraint on that field. That random value has no meaning apart from the db and cannot be decrypted because there is no information in it. It only means anything when you use it in a where clause to look up a record in that table.
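The approach described in the answer, as an added example that is not code from the original question or answer. The table and column names, the in-memory SQLite database, and the choice of 15 random bytes rendered as 30 hex characters are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: an in-memory SQLite db stands in for the site's real database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE subscriptions (
    id INTEGER PRIMARY KEY,
    user_id INTEGER NOT NULL,
    thread_id INTEGER NOT NULL,
    unsubscribe_token TEXT NOT NULL UNIQUE,  -- the unique constraint from the answer
    expired INTEGER NOT NULL DEFAULT 0
)');

function createSubscription(PDO $db, int $userId, int $threadId): string
{
    // 15 bytes from the OS CSPRNG become 30 hex characters: no padding, no
    // characters that need URL encoding, short enough to survive line wrapping.
    $token = bin2hex(random_bytes(15));
    $stmt = $db->prepare(
        'INSERT INTO subscriptions (user_id, thread_id, unsubscribe_token) VALUES (?, ?, ?)'
    );
    $stmt->execute([$userId, $threadId, $token]);
    return $token;
}

function unsubscribe(PDO $db, string $token): bool
{
    // Reject anything that is not exactly 30 lowercase hex characters
    // before it reaches the database.
    if (preg_match('/\A[0-9a-f]{30}\z/', $token) !== 1) {
        return false;
    }
    // The token only has meaning as a lookup key in the WHERE clause; the
    // subscription and user it refers to never appear in the link itself.
    $stmt = $db->prepare(
        'UPDATE subscriptions SET expired = 1 WHERE unsubscribe_token = ? AND expired = 0'
    );
    $stmt->execute([$token]);
    return $stmt->rowCount() === 1;
}

$token = createSubscription($db, 42, 7);          // constructed sample ids
echo "www.site.com?id=$token\n";                  // link placed in the email
var_dump(unsubscribe($db, $token));               // first click on the link
var_dump(unsubscribe($db, $token));               // same link clicked again
var_dump(unsubscribe($db, str_repeat('0', 30)));  // well-formed but unknown token
var_dump(unsubscribe($db, "' OR 1=1 --"));        // malformed input
```

Because the token is drawn from 120 bits of CSPRNG output and carries no data, there is no key to manage and nothing to decrypt or tamper with; guessing a valid value is the only way to forge a link.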
