为什么Laravel会在数据库中放置密码重置链接?
我是Laravel的新手。因此,我试图用Breeze来理解密码重置系统,我单击电子邮件链接后被带到此页面,我注意到此参数
最终也绊倒了password_resets表中的参数的散列版本
我知道这是出于安全原因,但是我认为在您进行哈希之后,令牌是完全没有用的,因为您不能“不满”它,为什么要这样做?
I'm completely new to laravel. So I'm trying to understand password reset system with breeze I was taken to this page after I click on an email link and I noticed this parameter
also ended up stumbling on probably the hashed version of the parameter inside the password_resets table
I get that this is for security reasons but I thought that token is completely useless after you hashed it cause you can't "unhashed" it, why would you do this?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
它生成此散布的字符串,以确保您拥有电子邮件,并且此后不会重复使用它,因为这足以让您设置一个新密码。您请求重置密码链接,然后单击链接(因此您访问收件箱消息),仅此而已;是你!
It generates this hashed string to make sure that you're who owned the email and it doesn't reuse it afterward, because that's enough to let you set a new password. You requested for a reset password link, and you clicked on the link (so you access inbox messages) and that's it; It's you!