So I'm using the ring
crate to generate salts and encode user passwords in a db. The question is that from that I get Vec<u8>
or [u8; N]
, which however are not necessarily a valid utf8
strings, thus trying to convert them to a string to store them in that format in the db does not work.
What is the correct way to do this?
There isn't necessarily one "correct" way to do this. The solution is really dependent on what you're trying to do and what your constraints are, so I think we'd need more details to answer your question.
Spitballing, I can think of at least two potentially acceptable solutions:
- Convert the
Vec<u8>
to aString
and escape any bytes that aren't valid UTF-8. You can see an example for how to do this here. e.g., If you hadvec![102u8, 111u8, 111u8, 255u8]
then you'd wind up with the stringfoo\xFF
. - Store the salt, as given, directly in your database using an appropriate type. Usually these types are called "bytes" or "binary". In PostgreSQL for example, it's called
bytea
.
I would probably lean toward (2) myself if I could get away with it.
You can also hex- or Base64-encode your bytes to a valid String.
Another option would be to zero-out the highest bit of every byte, making the string ASCII, which is guaranteed to be UTF-8 compatible. (you might want to generate a bit longer salt to make up for the lost bits)
Another hazard might occur if the raw data has any zero bytes, if the database string type treats that as a terminator.
Would encoding the Vec<u8>
to base64
string work fine with with the database?
Yes
Thanks everyone for the suggestions.