Month: July 2022

Laravel Ciphersweet is a package by Spatie to integrate searchable field-level encryption in Laravel applications. The package’s readme explains the problem Ciphersweet can help solve as follows:

In your project, you might store sensitive personal data in your database. Should an unauthorised person get access to your DB, all sensitive can be read which is obviously not good.

To solve this problem, you can encrypt the personal data. This way, unauthorized persons cannot read it, but your application can still decrypt it when you need to display or work with the data.

This package is a wrapper for Ciphersweet to integrate its features into Laravel models easily. Here’s an example of a model from the readme’s setup instructions that illustrates what a model looks like using Ciphersweet:

 1use Spatie\LaravelCipherSweet\Contracts\CipherSweetEncrypted;
 2use Spatie\LaravelCipherSweet\Concerns\UsesCipherSweet;
 3use ParagonIE\CipherSweet\EncryptedRow;
 4use Illuminate\Database\Eloquent\Model;
 5 
 6class User extends Model implements CipherSweetEncrypted
 7{
 8    use UsesCipherSweet;
 9 
10    public static function configureCipherSweet(EncryptedRow $encryptedRow): void
11    {
12        $encryptedRow
13            ->addField('email')
14            ->addBlindIndex('email', new BlindIndex('email_index'));
15    }
16}

This allows you the encrypt a user’s email to keep it safe from unauthorized people reading the data, but give you the ability to decrypt the data to display it or work with it.

Once you have configured this package and set up a model, you can search encrypted data in the database using blind indexes:

1$user = User::whereBlind('email', 'email_index', 'rias@spatie.be');

This package also aids in generating encrypting keys and encrypting model attributes to speed up integration with Ciphersweet.

I want to point out that you should not use this package blindly without understanding the ins and outs of the use case you are trying to solve. You can learn more about CipherSweet on this page, which has many linked resources.

CipherSweet also has PHP-specific documentation to help get you up to speed with the underlying PHP package.

I would also recommend reading Rias’ post, Encrypting Laravel Eloquent models with CipherSweet.

To get started with this package, check it out on GitHub at spatie/laravel-ciphersweet.

1. Not knowing which datatype to use in MySQL

I once heard it’s better to use integers when handling financial data. You convert a price like €10 to its lowest unit (cents in this case). This way you end up using 1000 as the amount to work with. This way you avoid the floating-point problem. The floating-point problem is best shown by typing the following in your Google Chrome console:

0.1 + 0.2 > 0.30000000000000004

If you want to learn more about this problem visit this website. Working with integers is dramatic for readability (how much is 13310 in euros?). The disadvantage of working with integers is also that it has a limit of 2147483647 which is roughly € 21,474,836.47. Although with the euro you probably wouldn’t run into this issue quickly but with the Vietnamese Dong, this wouldn’t work. Learnings: use decimals (not floats!) in MySQL to store monetary values. Depending on how many decimals you need decimal(15,2) oftentimes is enough.

2. Not having something to fact-check the numbers

Imagine we have a shopping cart where there’s 1 product for € 100, the VAT of € 21 and a total of € 131. The first time you’re sharp and you immediately see your mistake. After the 100th time, you start to be blind to those mistakes.

That’s why you need something to fact-check the numbers if they’re correct. I’ve created a Google Sheet for me and my team where we can all fact-check this. Especially if you work with people who test your product but don’t have access to the code this is crucial. How should they know if the price displayed is the correct one?

3. Not splitting the price into all the components

Every part of a price should be stored separately. If not, there’s no way to reproduce the components if you need to later on. So save the VAT amount, the discount amount, the base price, and the total all separately. Big chance there are gonna be more price components in your app in the future.

4. Using foreign keys in the ‘orders’ table

One of my dumbest mistakes. I had an ‘orders’ table where all the orders of an e-commerce store were placed. Unfortunately, it had a reference to the actual products which I got the product price from. Everything was fine until one of the product prices changed and older orders were affected by it😅

I’ve made many mistakes even though I have been developing applications for years. But without resistance, there’s no growth, so I tend to share my mistakes so you might prevent them.

I’m planning on writing an ebook on developing applications where you work with money. If you’re interested you might wanna subscribe to get free access to the first chapter.

Subscribe here

Doctors in the UK say a man’s intense supplement regimen landed him in the hospital with vitamin D poisoning. In a new case report, they detail how their patient became sick soon after he started to take large doses of vitamins and minerals. Though vitamin D overdose is uncommon, the study authors say, cases seem to be on the rise globally.

According to the paper, published in BMJ Case Reports, the middle-aged man was referred to an emergency department by his general practitioner. For nearly three months, he had been dealing with a variety of ongoing symptoms, including vomiting, diarrhea, abdominal pain, dry mouth, tinnitus, and leg cramps; he had also lost almost 30 pounds. Tests soon ruled out other potential causes of his illness, such as infection. But they revealed evidence of acute kidney injury, as well as much higher levels of vitamin D and calcium (a common sign of vitamin D overdose) than normal in his system.

The man reported that his symptoms began about a month after he decided to take a lengthy list of supplements on the advice of a private nutritionist. But his allotted doses were far higher than the daily recommended amount. He reportedly took 50,000 milligrams of vitamin D, for instance, or almost 100 times the 600 milligrams a day we should be getting. (Other supplements included vitamin K2, vitamin C, vitamin B9, omega 3s, zinc, and magnesium). The man said he did stop taking the cocktail after his symptoms appeared, but they continued nonetheless.

Ultimately, he was placed on intravenous fluids and hospitalized for eight days, with doctors monitoring his blood every day to ensure that he was improving. He was also given counseling and drugs known as bisphosphonates to manage his high calcium levels during and after his hospitalization. Vitamin D is fat-soluble, meaning that it gets absorbed into the body’s fatty tissues and doesn’t quickly dissipate. Two months after his hospital stay, follow-up tests showed that his levels of calcium had returned to near-normal, but not his levels of vitamin D.

People naturally get vitamin D from food or from regular exposure to sunlight. And while there is some evidence that many people may have insufficient vitamin D levels, there’s no evidence that taking megadoses of vitamin D or other supplements will improve health. On the other hand, vitamin D intoxication, or hypervitaminosis D, is almost always linked to improper supplementation. Data is sparse on how often it happens, but a 2016 analysis of U.S. poison control data found over 25,000 reports related to vitamin D documented between 2000 and 2014. Most reports of illness were mild to moderate, with no related deaths, but exposures did seem to become more common over time—a trend noted by the current study authors.

“Globally, there is a growing trend of hypervitaminosis D, a clinical condition characterized by elevated serum vitamin D3 levels,” they wrote, adding that cases are more common in women, children, and surgical patients.

Supplements can be useful for certain groups, such as people with clear nutritional deficiencies or pregnant people who need extra folic acid. But many doctors remain skeptical of their use for the average person. Indeed, an influential panel of experts recently recommended against taking vitamin E or beta-carotene supplements to prevent cancer or heart disease, citing the lack of good evidence for their benefits as well as some evidence that they can actually be harmful. Vitamin D overdoses like this current case aren’t common, but it is yet another example of why supplements aren’t quite as useful or harmless as commonly believed.

“This case report further highlights the potential toxicity of supplements that are largely considered safe until taken in unsafe amounts or in unsafe combinations,” the authors wrote.