According to http://laravel.com/docs/eloquent, one can Hide Attributes From Array Or JSON Conversion by using a protected $hidden variable in the Model.
class User extends Eloquent {
protected $hidden = array('password');
}
Great, however when running print_r(User::all())
the encrypted password is sent from server to client inside the User object.
这不仅限于print_r(),如果查询特定用户,$user->password
将在视图中显示加密的密码.
Is there a way of stopping this? Every time my user object is queried, the password will sent with it as part of the data, even though it doesn't need to be.
Illuminate\Database\Eloquent\Collection Object
(
[items:protected] => Array
(
[0] => User Object
(
[hidden:protected] => Array
(
[0] => password
)
[connection:protected] =>
[table:protected] =>
[primaryKey:protected] => id
[perPage:protected] => 15
[incrementing] => 1
[timestamps] => 1
[attributes:protected] => Array
(
[id] => 1
[email] => admin@admin.com
[first_name] => Admin
[last_name] => User
[password] => $2y$10$7Wg2Wim9zHbtGQRAi0z6XeapJbAIoh4RhEnVXvdMtFnwcOh5g/W2a
[permissions] =>
[activated] => 1
[activation_code] =>
[activated_at] =>
[last_login] =>
[persist_code] =>
[reset_password_code] =>
[created_at] => 2013-09-26 10:24:23
[updated_at] => 2013-09-26 10:24:23
)