在 laravel 中加密或散列电话号码
[英]encrypting or hashing phone number in laravel
问题描述
We have developed a mobile app which uses mobile phone number and otp for authentication.
我们开发了一个移动应用程序,它使用手机号码和 otp 进行身份验证。 Since phone number is part of sensitive user information, we have to encrypt or hash it to reduce the risk of exposing users sensitive data in case of leak.由于电话号码是敏感用户信息的一部分,我们必须对其进行加密或 hash 以降低泄露用户敏感数据的风险。
When a user logs in, after otp, I have to fetch the user information from db and for that purpose, I have to run a query to match against the users phones in database.当用户登录时,在 otp 之后,我必须从 db 中获取用户信息,为此,我必须运行查询以匹配数据库中的用户电话。 The encryption works fine as I can decrypt the phone and then match against the login phone number.加密工作正常,因为我可以解密手机,然后匹配登录电话号码。 However, due to large number of users, this is slower但是,由于用户数量众多,速度较慢
Another option for me is to hash the phone numbers.我的另一个选择是 hash 电话号码。 then I can hash the login phone number against the hashed phone in the database.然后我可以 hash 将登录电话号码与数据库中的哈希电话相对应。 However, since same phone number will not generate the same hash, comparing is not possible但是,由于相同的电话号码不会生成相同的 hash,因此无法进行比较
Another way is to use the Hash check function but that can be used alone when you single value of login phone against a single row fetched from the database.另一种方法是使用 Hash 检查 function 但当您针对从数据库中获取的单行登录电话时,可以单独使用该方法。
I would like to know if the hash matching can be used in the laravel query so that the hashed login user phone numbers is checked against the hashed phone numbers in the database.我想知道是否可以在 laravel 查询中使用 hash 匹配,以便根据数据库中的哈希电话号码检查哈希登录用户电话号码。
I would appreciate if someone can give me a solution for this.如果有人可以为此提供解决方案,我将不胜感激。
Regards问候
1 个解决方案
解决方案1
0 2021-12-19 09:09:39
Apology for writing this as an answer but I have a low reputation to suggest this in the comments section.道歉写这个作为答案,但我在评论部分提出这个建议的声誉很低。
When user submit their phone number through registration extract the first 3 digits of the number当用户通过注册提交他们的电话号码时,提取号码的前 3 位数字
If we use the image above as a reference that will be 555 .如果我们使用上面的图像作为参考,那将是555 。
Step 1步骤1
From your user phone number database create a new column to those 3 digits where will be used as a lookup table.从您的用户电话号码数据库中为这 3 位数字创建一个新列,其中将用作查找表。 You already mention that you have hashed the phone numbers and for that will need to query all phone numbers decrypt them one by one and add those 3 digits to new column.您已经提到您已经对电话号码进行了哈希处理,为此将需要查询所有电话号码一一解密并将这 3 位数字添加到新列中。
Step 2第2步
When you're about to check user phone number, check you're phone number database and retrieve all results that match that lookup number example 555 (if you expect to return a large number of results, make sure you use a Eloquent cursor .当您要检查用户电话号码时,请检查您的电话号码数据库并检索与查找号码示例555匹配的所有结果(如果您希望返回大量结果,请确保使用Eloquent cursor 。
Your query will be something like:您的查询将类似于:
PhoneBook::where('part_number','=',555)->get();
Having that said you can again check if the hash match with Hash::check but the scope of check will be limited and the speed improvements will be significant话虽如此,您可以再次检查 hash 是否与Hash::check匹配,但检查的 scope 将受到限制,并且速度提升将显着
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.