douhe3313 2013-07-27 14:52
Views: 63
Accepted

Unique token in CakePHP

I need to create a truly unique token when inserting records in CakePHP. The table can contain millions of rows so I can't just base it on some randomly generated strings. I do not want to use microtime() either, because there is, though very small, a probability that two records can be submitted at exactly the same moment. Of course the best solution would be to use String::uuid(), but as from the cakephp documentation

The uuid method is used to generate unique identifiers as per RFC 4122. The uuid is a 128bit string in the format of 485fc381-e790-47a3-9794-1337c0a8fe68.

So, as far as I understood it does not use cake's security salt for its generation. So, I decided to hash it by security component's hash function (or Auth Password function), because I need it to be unique and very, really very secure at the same time. But then I found the question, saying that it is not a good idea, but for php uniqid and md5. Why is MD5'ing a UUID not a good idea?

And, also I think the string hashed by the security component is much harder to guess - because, for example, String::uuid() in a for loop has an output like this

App::uses('String', 'Utility'); // CakePHP 2.x: load the String utility class

for ($i = 0; $i < 30; $i++) {
    echo String::uuid()."<br>";
}
die;

// outputs
51f3dcda-c4fc-4141-aaaf-1378654d2d93
51f3dcda-d9b0-4c20-8d03-1378654d2d93
51f3dcda-e7c0-4ddf-b808-1378654d2d93
51f3dcda-f508-4482-852d-1378654d2d93
51f3dcda-01ec-4f24-83b1-1378654d2d93
51f3dcda-1060-49d2-adc0-1378654d2d93
51f3dcda-1da8-4cfe-abe4-1378654d2d93
51f3dcda-2af0-42f7-81a0-1378654d2d93
51f3dcda-3838-4879-b2c9-1378654d2d93
51f3dcda-451c-465a-a644-1378654d2d93
51f3dcda-5264-44b0-a883-1378654d2d93

So, after all, some part of the string is similar, but in the case of using a hash function the results are pretty different

App::uses('Security', 'Utility'); // CakePHP 2.x: load the Security utility class

echo Security::hash('stackoverflow1');
echo "<br>";
echo Security::hash('stackoverflow2');

die;
// outputs
e9a3fcb74b9a03c7a7ab8731053ab9fe5d2fe6bd
b1f95bdbef28db16f8d4f912391c22310ba3c2c2

So, the question is, can I after all hash the uuid() in Cake? Or what is the best secure way to get truly unique and hashed (better according to my security salt) secure token.

UPDATE

Saying secure token, I mean how difficult it is for guessing. UUID is really unique, but from the example above, some records have some similarity. But hashed results do not.

Thanks !!


4 answers

  • dongsheng8664 2013-09-17 07:42

    I have come up with the following solution

    to use a string that is the result of concatenating the current time in microseconds and a random string's hash

    App::uses('Security', 'Utility'); // CakePHP 2.x: load the Security utility class

    // microtime() returns "0.79647300 1379403705": strip the leading "0." and the space
    $timeStr = str_replace("0.", "", microtime());
    $timeStr = str_replace(" ", "", $timeStr);
    echo Security::hash('random string').'_'.$timeStr;
    
    // 5ffd3b852ccdd448809abb172e19bbb9c01a43a4_796473001379403705
    

    So, the first part (hash) of the string will contribute to the unguessability of the token, and the second part will guarantee its uniqueness.

    Hope this will help someone.

    This answer was selected by the asker as the best answer.
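The question above asks for a token that is both unique and hard to guess, and the accepted answer builds one from a hash plus microtime(). The following is an added example, not code from the question, the answer or the CakePHP project, showing the approach a security engineer would normally reach for: draw the token from the operating system's CSPRNG, enforce uniqueness with a UNIQUE column (an in-memory array stands in for it here), and store only a keyed hash so that a leaked table does not hand out usable tokens. It assumes PHP 7 or later (random_bytes) and a hypothetical $appSalt that would be Configure::read('Security.salt') in a real CakePHP application.

```php
<?php
// Added example (not from the question or the accepted answer).
// Assumes PHP 7+ for random_bytes(); $appSalt is a hypothetical stand-in for
// CakePHP's Configure::read('Security.salt'). No database is used: $store is
// an in-memory array playing the role of a table with a UNIQUE token_hash column.

// 1. Generate the token: 32 bytes from the OS CSPRNG, 256 bits of entropy.
//    Unpredictability gives uniqueness for free: the chance of two equal tokens
//    is negligible, and the UNIQUE column catches the theoretical collision.
function generateToken(): string
{
    return bin2hex(random_bytes(32)); // 64 hex characters, no time component
}

// 2. Fingerprint for storage: an HMAC keyed with the application salt.
//    Deterministic, so it can be looked up with "WHERE token_hash = ?",
//    but useless to an attacker who only obtains the table.
function tokenFingerprint(string $token, string $appSalt): string
{
    return hash_hmac('sha256', $token, $appSalt);
}

// 3. Issue a token and insert its fingerprint; retry on a duplicate, which is
//    how a UNIQUE-constraint violation would be handled against a real table.
function issueToken(array &$store, string $appSalt): string
{
    for ($attempt = 0; $attempt < 3; $attempt++) {
        $token = generateToken();
        $fingerprint = tokenFingerprint($token, $appSalt);
        if (!isset($store[$fingerprint])) {
            $store[$fingerprint] = ['created' => time()];
            return $token;
        }
    }
    throw new RuntimeException('token collision retries exhausted');
}

// 4. Verify a presented token by recomputing its fingerprint and looking it up.
//    Only the fingerprint ever reaches the storage layer.
function lookupToken(array $store, string $token, string $appSalt): bool
{
    return isset($store[tokenFingerprint($token, $appSalt)]);
}

// Constructed demo values.
$appSalt = 'example-salt-only-use-Configure::read(Security.salt)-in-cakephp';
$store   = [];

$t1 = issueToken($store, $appSalt);
$t2 = issueToken($store, $appSalt);

var_dump($t1 !== $t2);                              // distinct tokens
var_dump(lookupToken($store, $t1, $appSalt));       // known token is accepted
var_dump(lookupToken($store, strrev($t1), $appSalt)); // altered token is rejected
```

Two points worth noting against the threads above. Hashing does not add entropy: Security::hash() of a fixed or guessable input (a constant string, or a UUID whose time and node fields are predictable) is exactly as guessable as its input, only longer. And uniqueness and unguessability are best obtained from the same source: 256 random bits make a collision among millions of rows astronomically unlikely, while the UNIQUE column plus the retry loop covers the remaining theoretical case without leaning on timestamps.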