Laravel 5.8 - save user emails encrypted


Problem description

I'm looking for a way to encrypt the user emails in the database. Since Encrypt always generates a different string, it fails. So I took sha1.

In AuthenticatesUsers I've changed the credentials method to:

protected function credentials(Request $request)
{
    return ['email' => sha1(strtolower($request->email)), 'password' => ($request->password)];
}

This works great for the login/registration. But there are problems with resetting the password.

Resetting the password uses the SendsPasswordResetEmails trait.

There is this credentials method:

protected function credentials(Request $request)
{
    return $request->only('email');
}

This always fails, because it does not find the user (because the user is saved with the sha1 email).

If I change it to return ['email' => sha1(strtolower($request['email']))];

I get the error that the email is not in the right RFC standard to send an email. The problem is, I can't really find the place where Laravel is searching for the user with this email. Anyway, I don't really have a clue how I can solve this problem at all.

I want to encrypt the email itself, because in Germany there is a law which forces us to store personal data, like the email, encrypted.

Solution

First thing to say is that Hashing is not the same as Encryption.

Encryption is a two way function, that is if you can encrypt an email you can decrypt it with a reverse function, if you know the encryption key, and obtain the original email.

Hashing is a one way function, that is if you hash a password you can't obtain the original password with a reverse function, you can only verify that, when you input the password again, the hash you obtain matches the original hash, so you only know that the two passwords are identical.

You usually store passwords hashed, not encrypted, so even the administrator can't recover the original password, he can only verify that an input from a user has a hash that matches the original password he entered.

You can read more in this stackoverflow question: Difference between Hashing a Password and Encrypting it.

The sha1() is a hashing function, so it is not reversible, you can't obtain the original email.

Laravel has the functions encrypt() and decrypt() to encrypt things, see the docs on encryption, and has the functions Hash::make() to hash a password and Hash::check() to verify the password, see the docs on hashing.

So if you want to encrypt the emails, not hashing them with sha1, you should use encrypt() and decrypt().

The best way for you is to use mutators, i.e.:

public function getEmailAttribute($value)
{
    return decrypt($value);
}

public function setEmailAttribute($value)
{
    $this->attributes['email'] = encrypt($value);
}

So you will have email encrypted in the database and you can use $user->email in your code.

But I have to warn you that with encrypted email the login process is irreparably broken, you have to use another unique field like username for the login, not the email, so in your login controller you have to write:

public function username()
{
    return 'username';
}
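
The question's two attempts side by side, as an added example that is not part of the original question or answer and is not Laravel's own code: plain PHP, with AES-256-GCM standing in for encrypt()/decrypt(), shows why an equality lookup on a randomized ciphertext cannot find the user while a deterministic hash can. Storing both values, with HMAC-SHA256 in place of sha1() and a hypothetical email_index column, goes beyond what the answer proposes; all keys and addresses are constructed.

```php
<?php
// Added example in plain PHP (no Laravel). Keys, rows and addresses are constructed.
$encKey = random_bytes(32); // stand-in for the application encryption key
$idxKey = random_bytes(32); // separate key for the lookup hash (assumption)

// Randomized authenticated encryption: a fresh nonce per call, so the same
// email never produces the same stored string twice.
function encryptEmail(string $email, string $key): string
{
    $nonce = random_bytes(12);
    $ct = openssl_encrypt($email, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $nonce, $tag);
    return base64_encode($nonce . $tag . $ct);
}

function decryptEmail(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        throw new RuntimeException('Malformed ciphertext');
    }
    // Layout: 12-byte nonce, 16-byte tag, then the ciphertext.
    $plain = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    if ($plain === false) {
        throw new RuntimeException('Authentication tag mismatch');
    }
    return $plain;
}

// Deterministic keyed hash of the lower-cased address, usable in a WHERE clause.
function emailIndex(string $email, string $key): string
{
    return hash_hmac('sha256', strtolower($email), $key);
}

// Constructed "users" row: ciphertext for reading, keyed hash for finding.
$row = [
    'email'       => encryptEmail('alice@example.com', $encKey),
    'email_index' => emailIndex('alice@example.com', $idxKey), // hypothetical column
];

// 1. Re-encrypt the submitted address and compare it with the stored column.
var_dump(encryptEmail('alice@example.com', $encKey) === $row['email']);
// 2. Compare keyed hashes instead; the submitted address differs only in case.
var_dump(hash_equals($row['email_index'], emailIndex('Alice@Example.com', $idxKey)));
// 3. Recover the address for the reset mail, which a hash alone cannot provide.
var_dump(decryptEmail($row['email'], $encKey));
```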
