Laravel隐藏属性。例如密码 - 安全 [英] Laravel hidden attributes. e.g. Password - security
问题描述
根据 http://laravel.com/docs/eloquent ,可以隐藏属性从Array或JSON转换通过在模型中使用受保护的$隐变量。
类用户扩展雄辩{
保护的隐藏$ =阵列('密码');
}
大,但运行时,的print_r(用户::所有())加密的密码是从服务器发送到客户端的用户对象中。
这并不仅仅限于的print_r(),如果特定用户的查询, $用户自方式>密码将在视图中显示的加密密码
有没有停止该方式?每个我的用户对象被询问时,该密码将它发送作为数据的一部分,尽管它并不需要是
照亮\\数据库\\锋\\集合对象
(
[项目:保护] =>排列
(
[0] =>用户对象
(
[隐藏:保护] =>排列
(
[0] =>密码
) [连接:保护] =>
[表:保护] =>
[PrimaryKey的:保护] => ID
[perPage:保护] => 15
[递增] => 1
[时间戳] => 1
[属性:保护] =>排列
(
[ID] => 1
[邮件] => admin@admin.com
[FIRST_NAME] =>联系
[姓氏] =>用户
[密码] => $ 2Y $ 10 $ 7Wg2Wim9zHbtGQRAi0z6XeapJbAIoh4RhEnVXvdMtFnwcOh5g /部W2a
[权限] =>
[激活] => 1
[activation_ code =>
[activated_at] =>
[LAST_LOGIN] =>
[persist_ code =>
[reset_password_ code =>
[created_at] => 2013年9月26日10点24分23秒
[的updated_at] => 2013年9月26日10点24分23秒
)
当您运行用户::所有(),它返回一个Collection对象。这个集合包含所有用户的对象的形式的。因此,您的用户将包含他们的密码。这样,您可以显示无论出于何种原因哈希密码。然而,正如您之前所说,如果改造或收集到的用户数组或JSON,密码字段应该隐藏,如果走了。
因此,如果你想摆脱他们,尝试运行以下内容:
$ array_of_users = ::用户全部() - GT;的toArray();
$ json_of_users = ::用户全部() - GT;的toJSON();
DD()这些既要检查它们。密码字段将不复存在。
According to http://laravel.com/docs/eloquent, one can Hide Attributes From Array Or JSON Conversion by using a protected $hidden variable in the Model.
class User extends Eloquent {
protected $hidden = array('password');
}
Great, however when running print_r(User::all()) the encrypted password is sent from server to client inside the User object.
This is not just restricted to print_r(), if the specific user is queried, $user->password will display the encrypted password in the view.
Is there a way of stopping this? Every time my user object is queried, the password will sent with it as part of the data, even though it doesn't need to be.
Illuminate\Database\Eloquent\Collection Object
(
[items:protected] => Array
(
[0] => User Object
(
[hidden:protected] => Array
(
[0] => password
)
[connection:protected] =>
[table:protected] =>
[primaryKey:protected] => id
[perPage:protected] => 15
[incrementing] => 1
[timestamps] => 1
[attributes:protected] => Array
(
[id] => 1
[email] => admin@admin.com
[first_name] => Admin
[last_name] => User
[password] => $2y$10$7Wg2Wim9zHbtGQRAi0z6XeapJbAIoh4RhEnVXvdMtFnwcOh5g/W2a
[permissions] =>
[activated] => 1
[activation_code] =>
[activated_at] =>
[last_login] =>
[persist_code] =>
[reset_password_code] =>
[created_at] => 2013-09-26 10:24:23
[updated_at] => 2013-09-26 10:24:23
)
When you run User::all(), it returns a Collection object. This Collection contains all your Users in object form. Therefore, your Users will contain their passwords. This is so you can display the hashed password for whatever reason. However, as you said before, if you transform the Collection or Users into arrays or JSON, the password field should be gone if hidden.
Therefore, if you want to get rid of them, try running the following:
$array_of_users = Users::all()->toArray();
$json_of_users = Users::all()->toJson();
dd() these both to inspect them. The password field will be gone.
这篇关于Laravel隐藏属性。例如密码 - 安全的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
