Back

In Laravel, how would one encrypt email address of users? Like, it should be only be decrypted by users credentials e.g password etc (which only he knows). But then question arise, how would then app send important emails to that user..?

2

775

If your DB is on the same server as your application, encrypt the EMAIL also has mostly zero benifit as you would store encryption codes also on the same server.

What are in your case "important emails"? For login, password reset you only require a HASH no encryption, storing hashes is the best for the enduser. As in case of matching hash you can get the the email from the request and send a email then.

You only require the email for notifications which you may want in your app make it possible to loginEmail != notificationEmail of a user and so only store that as clear text.

Still want toe encrypt something, have a look at: laraveldaily.com/post/laravel-encrypt-models-data-with-casts


1

76

They said "it should be only be decrypted by users credentials e.g password etc (which only he knows)"

2

175

Is there any package around in your knowledge which provides a solution from this requirement?

1

111

Why you need package!

Just get key from user and tell them that keep it with you and only with you (in professional language yeah)

You just need to do

// Yeah you need to do some tweaks with key before passing it to encrypter!
$encrypter = new Encrypter($keyFromUser);

1

104