Crypto & Security Functions

Cryptographic hashing, password security, and encoding functions for secure data handling.

Password Hashing (Argon2)

Argon2id is the recommended algorithm for password hashing. It's resistant to GPU cracking attacks and side-channel attacks.

ARGON2_HASH(password)

Securely hash a password using Argon2id with automatic salt generation.

RETURN ARGON2_HASH("mypassword123")
-- "$argon2id$v=19$m=19456,t=2,p=1$..."

ARGON2_VERIFY(hash, password)

Verify a password against a stored Argon2 hash. Returns true/false.

RETURN ARGON2_VERIFY(@storedHash, "mypassword123")
-- true

User Registration & Login Example

-- Registration: Hash password before storing
INSERT {
  email: @email,
  password_hash: ARGON2_HASH(@password),
  created_at: DATE_NOW()
} INTO users

-- Login: Verify password
FOR user IN users
  FILTER user.email == @email
  RETURN {
    valid: ARGON2_VERIFY(user.password_hash, @password),
    user_id: user._key
  }

Security Best Practices

  • Never store plain-text passwords - always use ARGON2_HASH
  • Never log or expose password hashes in API responses
  • Use HTTPS for all authentication endpoints
  • Implement rate limiting on login attempts

Cryptographic Hash Functions

One-way hash functions for checksums, data integrity verification, and non-sensitive hashing needs.

MD5(string)

Computes MD5 hash (128-bit). Fast but not cryptographically secure - use for checksums only.

RETURN MD5("hello world")
-- "5eb63bbbe01eeed093cb22bb8f5acdc3"

SHA256(string)

Computes SHA-256 hash (256-bit). Cryptographically secure for data integrity.

RETURN SHA256("hello world")
-- "b94d27b9934d3e08a52e52d7da7dabfa..."

Hash Function Comparison

Function   Output         Speed                Use Case
MD5        32 hex chars   Very Fast            Checksums, cache keys, non-security
SHA256     64 hex chars   Fast                 Data integrity, signatures, tokens
ARGON2     PHC string     Slow (intentional)   Passwords only

Do NOT use MD5/SHA256 for passwords!

MD5 and SHA256 are too fast for password hashing - they can be brute-forced easily. Always use ARGON2_HASH for passwords.
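
The output formats in the comparison table make it possible to audit a password_hash column for values that are not Argon2id. The Python below is an added example, not part of the database or its documentation; the function names are hypothetical, the baseline is copied from the sample ARGON2_HASH output above (treating it as a minimum is an assumption), and all sample rows are constructed.

```python
import re

# Baseline copied from the sample ARGON2_HASH output on this page (m=19456, t=2, p=1).
# Treating it as a minimum is an assumption of this example.
BASELINE = {"m": 19456, "t": 2, "p": 1}
PHC_RE = re.compile(
    r"^\$(?P<alg>argon2(?:id|i|d))\$v=\d+\$(?P<params>[a-z]=\d+(?:,[a-z]=\d+)*)"
    r"\$[A-Za-z0-9+/]+\$[A-Za-z0-9+/]+$"
)
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def classify_password_hash(value):
    """Return (status, detail) for one stored password_hash value."""
    if not isinstance(value, str) or not value:
        return ("invalid", "empty or non-string value")
    if HEX_RE.match(value) and len(value) in (32, 64):
        kind = "MD5" if len(value) == 32 else "SHA256"
        return ("fast-hash", f"length matches a raw {kind} hex digest")
    m = PHC_RE.match(value)
    if not m:
        return ("invalid", "not an Argon2 PHC string")
    if m["alg"] != "argon2id":
        return ("weak", f"variant is {m['alg']}, expected argon2id")
    params = {k: int(v) for k, v in (kv.split("=") for kv in m["params"].split(","))}
    low = [f"{k}={params.get(k)}" for k, floor in BASELINE.items() if params.get(k, 0) < floor]
    if low:
        return ("weak", "below baseline: " + ", ".join(low))
    return ("ok", f"argon2id m={params['m']},t={params['t']},p={params['p']}")


def audit(rows):
    """rows: (user_key, password_hash) pairs. The hash itself is never echoed."""
    return [(key, *classify_password_hash(value))
            for key, value in rows
            if classify_password_hash(value)[0] != "ok"]


# Constructed sample rows; salts and digests are filler, not real hashes.
TAIL = "$c2FsdHNhbHRzYWx0$" + "A" * 43
SAMPLE_ROWS = [
    ("u1", "$argon2id$v=19$m=19456,t=2,p=1" + TAIL),
    ("u2", "$argon2id$v=19$m=4096,t=1,p=1" + TAIL),
    ("u3", "5eb63bbbe01eeed093cb22bb8f5acdc3"),  # MD5("hello world") from this page
    ("u4", "ab" * 32),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ROWS):
        print(finding)
```

Findings carry only the user key and a reason, so the audit output can be logged without exposing the stored hashes.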

Encoding Functions

Encoding functions for converting data between different representations. Note: encoding is NOT encryption - encoded data can be easily decoded.

BASE64_ENCODE(string)

Encode string to Base64 format. Useful for binary data in JSON or URLs.

RETURN BASE64_ENCODE("Hello World")
-- "SGVsbG8gV29ybGQ="

BASE64_DECODE(string)

Decode Base64 string back to original. Returns error if invalid Base64.

RETURN BASE64_DECODE("SGVsbG8gV29ybGQ=")
-- "Hello World"

Practical Examples

-- Generate API key with checksum
LET key = NANOID(32)
LET checksum = LEFT(SHA256(key), 8)
RETURN CONCAT(key, ".", checksum)

-- Create cache key from query parameters
LET params = JSON_STRINGIFY({user: @userId, page: @page})
RETURN CONCAT("cache:", MD5(params))

-- Encode data for URL transport (Base64 is NOT encryption: the token stays readable)
LET data = JSON_STRINGIFY({token: @token, expires: DATE_NOW() + 3600})
RETURN BASE64_ENCODE(data)

-- Verify data integrity
FOR doc IN documents
  LET expectedHash = SHA256(doc.content)
  FILTER doc.content_hash != expectedHash
  RETURN { _key: doc._key, status: "corrupted" }

-- Password change workflow
FOR user IN users
  FILTER user._key == @userId
  FILTER ARGON2_VERIFY(user.password_hash, @currentPassword)
  UPDATE user WITH {
    password_hash: ARGON2_HASH(@newPassword),
    password_changed_at: DATE_NOW()
  } IN users
  RETURN { success: true }

Quick Reference

Function                   Purpose                  Example
ARGON2_HASH(pwd)           Hash password securely   ARGON2_HASH("secret")
ARGON2_VERIFY(hash, pwd)   Verify password          ARGON2_VERIFY(@hash, "secret")
MD5(str)                   Fast checksum            MD5("data")
SHA256(str)                Secure hash              SHA256("data")
BASE64_ENCODE(str)         Encode to Base64         BASE64_ENCODE("hello")
BASE64_DECODE(str)         Decode from Base64       BASE64_DECODE("aGVsbG8=")