Hi, our developer team asked me to make SHA256 Hash ...
# suitescript
z
Hi, our developer team asked me to make SHA256 Hash for some critical data … What SHA256??? In the real situation, I made a REST endpoint in NetSuite and the response is JSON … They ask “could you sha256 internalid value”… LoL 🙂
a
it's a hash function 🙂 https://en.wikipedia.org/wiki/SHA-2
c
You can do SHA256 or SHA512 w/ the N/crypto module (or CryptoJS if needed). Not sure what they are asking though and I would get some clarification.
a
sounds like they just want some data element in the payload hashed?... but yeah clarify the requirements for sure
n/crypto module does support SHA-256, but it's not great to work with tbh
z
Yes, they want to "hash" internalid value
documentation is poor
crypto.digest
crypto.update
a
// crypto and encode are the loaded N/crypto and N/encode modules
let hashObj = crypto.createHash({
    algorithm: crypto.HashAlg.SHA256
});

hashObj.update({
    input: nonceStr
});
/* nonceStr is just a randomly generated string for this, but it's not for between systems, so it's stored and then later compared. You'll have to do something different: either have them provide the input in the request, or just have some hardcoded thing.
*/

let key = hashObj.digest({
    outputEncoding: encode.Encoding.BASE_64
});
the key here would be the hashed result
actually you'd replace nonceStr with whatever you're hashing... so the internalId i guess?
and then use key in your JSON where previously you had the internalid
but the context REALLY matters here, what are they doing with the hash, why don't they want the internalid.. are they gonna send the hash back as the internalid which you'll have to intercept and figure out what the internalid is?
z
ok, now I am one step closer to understanding you, but not my developer team
if I create function xsha256(inputString) and return hashed value, how do they "revert" hashed value to original?
a
that's the neat part ... you can't 😂
they're 1 way functions
what you can do is hash the correct value again and compare that with the hash value sent to you... if they match, then they're the same
z
They just want to "mask" value if someone tries to use internalID for something...
a
i'll say it again... context REALLY matters here
so anything I tell you might not be correct for your intended use case
z
You are very clear with all information shared here
a
whatever record the internalid represents can store the hash value in it... you could set it as the externalid potentially
then when they send that hashedvalue back to you you can do the lookup based on that
c
can you just base64 encode it if they just want to mask it? It isn't sensitive data really so doesn't make sense to encrypt it.
a
100% this ^^^
internal id is literally just a number that does nothing?
c
You'd still have to know the account and record type to use it as well
a
and be able to authorize INTO said account lol which is the real security barrier here
z
I guess the answer: they combine data from different sources... instead of comparing ids as RAW integers, they convert ids from all sources into SHA256 hashes and then compare
I can’t argue with the security officer 🙂 … He said “SHA256ing is important and required” 🙂 🙂
it is an internal project, some people have regular access to NetSuite, but not to all data … for example employees’ salaries. If they steal data with amounts, but don’t know what that aSDASDASDADA= is 🙂
anyway, THANK YOU ALL, I made a debugger test of the example provided by @Anthony OConnor and it works.