如何在 PHP 中保护数据库密码? [英] How to secure database passwords in PHP?

问题描述

当 PHP 应用程序建立数据库连接时，它当然通常需要传递登录名和密码.如果我为我的应用程序使用单一的、最低权限的登录名，那么 PHP 需要在某处知道该登录名和密码.保护该密码的最佳方法是什么?似乎只是在 PHP 代码中编写它不是一个好主意.

When a PHP application makes a database connection it of course generally needs to pass a login and password. If I'm using a single, minimum-permission login for my application, then the PHP needs to know that login and password somewhere. What is the best way to secure that password? It seems like just writing it in the PHP code isn't a good idea.

推荐答案

有些人将此误认为是关于如何在数据库中存储密码的问题.那是错的.它是关于如何存储让您进入数据库的密码.

Several people misread this as a question about how to store passwords in a database. That is wrong. It is about how to store the password that lets you get to the database.

通常的解决方案是将密码从源代码移到配置文件中.然后让系统管理员负责管理和保护该配置文件.这样开发人员就不需要知道任何有关生产密码的信息，并且您的源代码控制中没有密码记录.

The usual solution is to move the password out of source-code into a configuration file. Then leave administration and securing that configuration file up to your system administrators. That way developers do not need to know anything about the production passwords, and there is no record of the password in your source-control.

这篇关于如何在 PHP 中保护数据库密码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！