Laravel hidden attributes. e.g. Password - security


Question

According to http://laravel.com/docs/eloquent, one can Hide Attributes From Array Or JSON Conversion by using a protected $hidden variable in the Model.

class User extends Eloquent {
    protected $hidden = array('password');
}

Great, however when running print_r(User::all()) the encrypted password is sent from server to client inside the User object.

This is not just restricted to print_r(), if the specific user is queried, $user->password will display the encrypted password in the view.

Is there a way of stopping this? Every time my user object is queried, the password will be sent with it as part of the data, even though it doesn't need to be.

Illuminate\Database\Eloquent\Collection Object
(
[items:protected] => Array
    (
        [0] => User Object
            (
                [hidden:protected] => Array
                    (
                        [0] => password
                    )

                [connection:protected] => 
                [table:protected] => 
                [primaryKey:protected] => id
                [perPage:protected] => 15
                [incrementing] => 1
                [timestamps] => 1
                [attributes:protected] => Array
                    (
                        [id] => 1
                        [email] => admin@admin.com
                        [first_name] => Admin
                        [last_name] => User
                        [password] => $2y$10$7Wg2Wim9zHbtGQRAi0z6XeapJbAIoh4RhEnVXvdMtFnwcOh5g/W2a
                        [permissions] => 
                        [activated] => 1
                        [activation_code] => 
                        [activated_at] => 
                        [last_login] => 
                        [persist_code] => 
                        [reset_password_code] => 
                        [created_at] => 2013-09-26 10:24:23
                        [updated_at] => 2013-09-26 10:24:23
                    )


Recommended answer

When you run User::all(), it returns a Collection object. This Collection contains all your Users in object form. Therefore, your Users will contain their passwords. This is so you can display the hashed password for whatever reason. However, as you said before, if you transform the Collection or Users into arrays or JSON, the password field should be gone if hidden.

Therefore, if you want to get rid of them, try running the following:

$array_of_users = User::all()->toArray();
$json_of_users = User::all()->toJson();

dd() these both to inspect them. The password field will be gone.

This is explained in Laravel's documentation on serialization.
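
The behaviour discussed above, as an added example that is not part of the original question or answer: it shows that $hidden filters only array/JSON output, and that leaving the column out of the query is what keeps the hash off the model entirely. It assumes PHP 8+, the pdo_sqlite extension and `composer require illuminate/database`; the table, e-mail address and password are constructed sample data.

```php
<?php
// Added example. Assumptions: illuminate/database installed via Composer,
// in-memory SQLite, constructed sample row.
require __DIR__ . '/vendor/autoload.php';

use Illuminate\Database\Capsule\Manager as Capsule;
use Illuminate\Database\Eloquent\Model;

$capsule = new Capsule();
$capsule->addConnection(['driver' => 'sqlite', 'database' => ':memory:']);
$capsule->setAsGlobal();
$capsule->bootEloquent();

Capsule::schema()->create('users', function ($table) {
    $table->increments('id');
    $table->string('email');
    $table->string('password');
});
Capsule::table('users')->insert([
    'email'    => 'admin@example.test',
    'password' => password_hash('constructed-sample', PASSWORD_BCRYPT),
]);

class User extends Model
{
    public $timestamps = false;
    protected $hidden = ['password'];
}

$user = User::first();

// 1. $hidden does not affect attribute access: the hash is loaded from the
//    database and is readable on the object (and so visible to print_r/dd).
echo 'hash readable on model: ';
var_dump(password_verify('constructed-sample', $user->password));

// 2. $hidden is applied only when the model or collection is serialized.
echo 'password key in toArray(): ';
var_dump(array_key_exists('password', $user->toArray()));
echo 'password key in toJson(): ';
var_dump(str_contains(User::all()->toJson(), '"password"'));

// 3. To keep the hash out of the model altogether, do not select the column.
$slim = User::select('id', 'email')->first();
echo 'password loaded with explicit select: ';
var_dump(array_key_exists('password', $slim->getAttributes()));
```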
