Job Encryption in Laravel
https://ift.tt/3jlYQ0f
Consider this job:
class VerifyUser implements ShouldQueue
{
private $user;
private $socialSecurityNumber;
public function __construct($user, $socialSecurityNumber)
{
$this->user = $user;
$this->socialSecurityNumber = $socialSecurityNumber;
}
}
When you dispatch this job, Laravel is going to serialize it so that it can be persisted in the queue store. Let’s take a look at how the final form will look like in the store:
VerifyUser::dispatch($user, '45678AB90');
{
"uuid":"765434b3-8251-469f-8d9b-199c89407346",
// ...
"data":{
"commandName":"App\\Jobs\\VerifyUser",
"command":"O:16:\"App\\Jobs\\VerifyUser\":12:{s:22:\"\u0000App\\Jobs\\VerifyUser\u0000user\";N;s:38:\"\u0000App\\Jobs\\VerifyUser\u0000
socialSecurityNumber\";s:9:\"45678AB90\";s:3:\"job\";N;s:10:\"connection\";N;s:5:
\"queue\";N;s:15:\"chainConnection\";N;s:10:\"chainQueue\";N;s:19:\"chainCatchCallbacks\";N;s:5:\"delay\";N;s:11:\"afterCommit\";N;s:10:\"middleware\";a:0:{}s:7:\"chained\";a:0:{}}"
}
}
Looking at the payload, you can see that the value of socialSecurityNumber
is visible to the human eye. Any person—or program—that gains access to the queue store will be able to extract this value.
For most jobs this isn’t a problem. But if the job stores critical information in the payload, it’s better we encrypt it so that only our queue workers can read it while processing the job. To do that, we’ll need to implement the ShouldBeEncrypted
interface:
use Illuminate\Contracts\Queue\ShouldBeEncrypted;
class VerifyUser implements ShouldQueue, ShouldBeEncrypted
{
private $user;
private $socialSecurityNumber;
public function __construct($user, $socialSecurityNumber)
{
$this->user = $user;
$this->socialSecurityNumber = $socialSecurityNumber;
}
}
This interface was introduced in Laravel v8.19.0 (Released on December 15, 2020)
Now the payload will look like this:
{
"uuid":"765434b3-8251-469f-8d9b-199c89407346",
// ...
"data":{
"commandName":"App\\Jobs\\VerifyUser",
"command":"eyJpdiI6IjIyNWFQOXVNWn...OTJlYjBhYTFmZmQ4MjU1MDZiMDVhMjk0OTYwMTY3ZTgyYjEifQ=="
}
}
Any person or program with access to the queue store will not be able to decrypt the job payload.
You can use the ShouldBeEncrypted
interface with queued jobs, mailables, notifications, and event listeners.
programming
via Laravel News Links https://ift.tt/2dvygAJ
February 12, 2021 at 09:45AM