Laravel - Route "insecure"

0

I am building a feature to evaluate a transaction between a client (company) and its client (end consumer). An email/SMS is then sent to the end consumer with a link so they can evaluate the transaction quickly from a cell phone. I thought of making the URL go straight to the transaction without asking for a login, but to have a minimum of security, I thought of identifying the transaction in the link by a UUID or an MD5 hash of some of its data.

What would be the pros and cons of each solution? What is the best package for UUID in same or general PHP?

1 answer

2


One solution I adopted recently, so as not to have so many steps on the user's side, was:

  1. Produce the link for the end consumer, associated with the transaction and a timestamp.
  2. The client receives a link with a hash. I used SHA1 with the email, a salt (a fixed random word) and a unique id calculated at that moment and saved in the profile.
  3. Run a parallel job that checks all hashes created more than 1 day ago. Then it can create a new hash and send a reminder, or simply delete it.
  4. The user clicks on the link and the hash is validated.

For the salt with an id, you have the PHP function `uniqid()`, which can help you.
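
A sketch of the link flow from the steps above, added here as an example and not the answerer's code: it swaps the SHA1 of email, salt and `uniqid()` for a token from `random_bytes()`, stores only the token's SHA-256, and checks the one-day expiry when the link is validated. The class name, the in-memory array standing in for a database table, and the single-use flag are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical store: sha256(token) => [transaction_id, expires_at, used].
// In a real application this would be a database table.
final class EvaluationLinks
{
    private const TTL_SECONDS = 86400; // 1 day, the window used in step 3
    private array $rows = [];

    // Steps 1-2: create an unguessable token; only its hash is kept server-side.
    public function issue(int $transactionId, int $now): string
    {
        $token = bin2hex(random_bytes(32)); // 256 bits from the OS CSPRNG
        $this->rows[hash('sha256', $token)] = [
            'transaction_id' => $transactionId,
            'expires_at'     => $now + self::TTL_SECONDS,
            'used'           => false,
        ];
        return $token;
    }

    // Step 4: return the transaction id, or null if unknown, expired or used.
    public function redeem(string $token, int $now): ?int
    {
        if (preg_match('/\A[0-9a-f]{64}\z/', $token) !== 1) {
            return null; // reject malformed input before any lookup
        }
        $key = hash('sha256', $token);
        $row = $this->rows[$key] ?? null;
        if ($row === null || $row['used'] || $now >= $row['expires_at']) {
            return null;
        }
        $this->rows[$key]['used'] = true; // assumption: one evaluation per link
        return $row['transaction_id'];
    }

    // Step 3: the periodic job; returns how many expired rows were dropped.
    public function purgeExpired(int $now): int
    {
        $before = count($this->rows);
        $this->rows = array_filter($this->rows, fn(array $r): bool => $r['expires_at'] > $now);
        return $before - count($this->rows);
    }
}

// Constructed demo values: transaction 42, fixed clock, placeholder host.
$links = new EvaluationLinks();
$token = $links->issue(42, 1700000000);
echo "https://example.test/evaluate/{$token}\n";
var_dump($links->redeem($token, 1700000060)); // first click
var_dump($links->redeem($token, 1700000120)); // replay of the same link
```

Because the expiry is checked inside `redeem()`, a link stops working after one day even if the cleanup job has not run yet.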
