Hashing
Hashing involves taking an input (or “message”) and applying a hash function to transform it into a fixed-size string of characters, typically a hexadecimal number. This output, referred to as the hash, appears random and unique, even for slightly different input data.
Hashing is primarily used to securely store and compare sensitive information like passwords, ensuring that the original data remains confidential and is not stored in plain text. It is an irreversible process, making it practically impossible to revert the hash back to the original data.
Examples
Password Storage and Authentication Hashing securely stores and verifies passwords. Systems store the hash of a password rather than the password itself. When a user logs in, the system hashes the provided password and compares it to the stored hash. If the hashes match, the login is confirmed. This method protects passwords from being exposed even if a security breach occurs.
Data Integrity Hashing checks the integrity of data during transmission or storage. By computing and sending a hash alongside the original data, the recipient can hash the received data and compare the two hashes to ensure no tampering has occurred.
Caching In caching systems, data is stored using hashing to determine storage locations and facilitate quick retrieval. This allows for efficient data access.
Load Balancing Hashing helps evenly distribute incoming requests across multiple backend servers. A hash function applied to properties like a user’s IP address or session ID determines which server will handle the request.
Encoding
Encoding converts data from one format to another, typically for transmission, storage, or processing, and is usually reversible, allowing the data to be decoded back to its original form.
Examples
Serialization Serialization converts complex data structures, such as objects or models, into a format suitable for easy transmission or storage, such as JSON, XML, or Protocol Buffers. This is crucial for data exchange in distributed applications.
Encoding in Compression Compression techniques like gzip and zlib encode data to reduce its size, optimizing network bandwidth and storage costs.
URL Encoding URL encoding ensures special characters in URLs are correctly transmitted over the internet, preventing parsing and data integrity issues. For instance, a URL with spaces or special characters must be encoded to ensure it transmits correctly.
https://example.com/search?query=my search query
In this case, the space is not allowed in URLs. To properly encode it, you’d replace the space with %20,
resulting in:
https://example.com/search?query=my%20search%20query
Other special characters have their respective encodings as well. For instance, the ampersand &
is encoded as %26,
and the plus sign +
is encoded as %2B.
Proper URL encoding ensures that URLs are well-formed and can be correctly interpreted by web servers and browsers, avoiding issues with broken links and incorrect data transmission.
Encryption
Encryption is the process of transforming data into a format that cannot be read by anyone without the appropriate decryption key or credentials. This essential security technique protects sensitive information from unauthorized access or interception. Even if an attacker obtains the encrypted data, they cannot decipher it without the correct encryption key. Encryption is reversible, meaning the original data can be restored using the decryption key.
Examples
Encryption is vital for securing sensitive data, particularly when it is transmitted over untrusted networks or stored in a potentially vulnerable manner. For example, it is standard practice to encrypt credit card details, personal information, and confidential documents to prevent unauthorized access.
In the backend, encryption is used extensively for:
- Securing data at rest: This includes encrypting databases or individual files to ensure they are secure from unauthorized access.
- Securing data in transit: Encrypting communication channels, such as using TLS protocols, ensures that data sent over the network remains private and secure.