Laravel - "insecure" route

0

I'm building a feature to evaluate a transaction between a customer (company) and its client (final consumer). An email / SMS is sent to the end consumer with a link so they can rate the transaction quickly from the same phone. I thought of making the URL go straight to the transaction without asking for a login, but to have a minimum of security, I thought I'd identify this transaction in the link by a UUID or an MD5 hash of some of that information.

What would be the pros and cons of each solution? What is the best package for UUID in Laravel itself or for PHP in general?

    
asked by anonymous 31.07.2016 / 19:22

1 answer

2

One solution I recently adopted, so as not to require as many user-side steps, was:

  • Produce the link to the end consumer associated with the transaction and a timestamp.
  • The client receives a link with a HASH. I used SHA1 with the email, a salt (a random word) and a unique id calculated at that time and saved in the profile.
  • Run a parallel JOB that checks all the hashes created more than 1 day ago. There you can create a new hash and send a reminder, or just delete it.
  • The user clicks on the link and the HASH is validated.
  • For the salt with id, PHP has the function uniqid() that can help you.

        
    31.07.2016 / 20:03
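An added example, not part of the original answer or of any Laravel package: one way to implement the link lifecycle described above (issue, validate on click, purge after 1 day) in plain PHP. It swaps the SHA1/`uniqid()` construction for a token from `random_bytes()`, because the PHP manual notes that `uniqid()` does not produce cryptographically secure values. The function names, the in-memory `$store` array standing in for a database table, and the single-use rule are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

const LINK_TTL = 86400; // 1 day, matching the cleanup window in the answer

// Issue a token for one transaction. Only the SHA-256 of the token is stored,
// so a leaked table does not yield working links.
function issueToken(array &$store, int $transactionId, int $now): string
{
    $token = bin2hex(random_bytes(32));            // 256 bits from the CSPRNG
    $store[hash('sha256', $token)] = [
        'transaction_id' => $transactionId,
        'expires_at'     => $now + LINK_TTL,
        'used'           => false,
    ];
    return $token;                                 // goes into the e-mail/SMS URL
}

// Return the transaction id for a valid, unexpired, unused token, else null.
function redeemToken(array &$store, string $token, int $now): ?int
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;                               // reject malformed input early
    }
    $key = hash('sha256', $token);
    $row = $store[$key] ?? null;
    if ($row === null || $row['used'] || $now >= $row['expires_at']) {
        return null;
    }
    $store[$key]['used'] = true;                   // assumption: one review per link
    return $row['transaction_id'];
}

// The periodic job: drop every token past its expiry; returns how many were removed.
function purgeExpired(array &$store, int $now): int
{
    $before = count($store);
    $store = array_filter($store, fn(array $r): bool => $r['expires_at'] > $now);
    return $before - count($store);
}

// Constructed demo data (hypothetical transaction ids and timestamp).
$store = [];
$now   = 1470000000;
$token = issueToken($store, 42, $now);
var_dump(redeemToken($store, $token, $now + 60));       // first click
var_dump(redeemToken($store, $token, $now + 120));      // replayed link
$late = issueToken($store, 43, $now);
var_dump(redeemToken($store, $late, $now + LINK_TTL));  // clicked after expiry
var_dump(purgeExpired($store, $now + LINK_TTL));        // cleanup job
```

In a Laravel application the `$store` array would be a table keyed on the token hash, and `purgeExpired` would run from the scheduler.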