php,有没有一个安全的方式来存储密码在cookies? [英] php, is there a safe way to store password in cookies?
问题描述
是否可以在PHP中将密码存储在Cookie中的安全方式
还是不建议使用?
感谢
不建议这样做
...即使加密也是如此。将这些信息存储在客户端计算机上,使他们有机会比较cookies,希望解密。更糟糕的是他们可以嗅探别人的Cookie,然后伪装成该用户!
建议的是让用户通过安全连接登录并发送会话Cookie 。会话cookie包含会话ID,PHP将自动映射到服务器上的会话文件。然后,您可以在会话中存储用户标识。在短时间后,会话应该过期。
会话由PHP自动管理,您应该利用它。
is there a safe way of storing passwords in cookies in php?
or is it not recomended?
thanks
This is not recommended...
... even if encrypted. Storing this information on a client machine gives them the opportunity to compare cookies in the hopes of decrypting. Worse they could sniff a cookie from someone else and then masquerade as that user!
What is recommended is having the user login through a secure connection and sending a session cookie in response. The session cookie contains a session id which PHP will automatically map to a session file on the server. You can then store a user id in the session. After a short time, the session should be expired.
Sessions are automatically managed by PHP and you should take advantage of it.
Here's a tutorial on how to use PHP sessions.
这篇关于php,有没有一个安全的方式来存储密码在cookies?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!