1,065
edits
User:Prawsthorne/StepxStep: Difference between revisions
Jump to navigation
Jump to search
→Ability to hash the earners email with the salt
Prawsthorne (talk | contribs) |
Prawsthorne (talk | contribs) |
||
| Line 132: | Line 132: | ||
{ });">claim your badge.</a> | { });">claim your badge.</a> | ||
</pre> | </pre> | ||
One of the issues with the plain text nature of json files and massages is that private information can be exposed. One of the features of the OBI is its ability to recognize hashed text to confirm the earner without having to expose their email address in the json file. The following php code snippet hashes the earners email with a salt value using sha256 encryption. This is a one way hash, so you can't "unhash" it. To confirm this value you would need the email address of the earner and the salt value and then hash it yourself with sha256. Once the value is hashed you should have no reason to "unhash" the value, the OBI will be able to do this as it is accepting the badge into the earners backpack. | One of the issues with the plain text nature of json files and massages is that private information can be exposed. One of the features of the OBI is its ability to recognize hashed text to confirm the earner without having to expose their email address in the json file. The following php code snippet hashes the earners email with a salt value using sha256 encryption and echo's (displays) the hashed value to the screen. This is a one way hash, so you can't "unhash" it. To confirm this value you would need the email address of the earner and the salt value and then hash it yourself with sha256. Once the value is hashed you should have no reason to "unhash" the value, the OBI will be able to do this as it is accepting the badge into the earners backpack. | ||
<pre> | <pre> | ||
<?php | <?php | ||