Answer the question
In order to leave comments, you need to log in
D
D
Dmitry2019-02-18 11:43:40
Dmitry, 2019-02-18 11:43:40
How to use encryption in Laravel?
I'm learning Laravel
https://laravel.com/docs/5.7/encryption
In principle, everything is easy and clear, how to encrypt data and then store it encrypted in the database.
That is, an attacker, having gained access to the site, automatically receives the encryption key contained in .env.
Then I don't understand the point of using encryption if the key is stupidly stored in the .env file?
I am looking for a way to securely store data in mysql using Laravel. I'm considering a variant with separate storage of the site on one server, and the database - on the server. But in this scheme there is a problem described above, when an attacker gains access to the server with the site (and from there he can pull data from the server from the database)
2 answer(s)
@Sanasol
@Alex_Wells
A
Alexander Aksentiev, 2019-02-18 @Sanasol
It only makes sense if the database was leaked through some hole that does not allow access to the site as a whole.
If you climbed into the site with your head, then nothing will help. There is no such magical way for the site to work with the database, but if something does not get into the database.
A
Alex Wells, 2019-02-19 @Alex_Wells
Because you need to read the correct section: https://laravel.com/docs/5.7/hashing
This is what you need to use for passwords, for example. One-way hashing, which does not allow anyone to restore the original data in any way.
Similar questions
R
F
R
D
V
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question