为api安全地存储密码，无需加密 [英] storing a password securely for api without encrypting it

问题描述

我需要在我的MySql数据库中存储密码，以便与外部公司的API一起使用。

在我的头目中，所有密码都应该在数据库中散列，以防万一网站遭到黑客攻击，信息泄露到互联网上。但是，如果我将密码哈希，我该如何使用API​​，需要一个电子邮件地址&密码访问？

我的网站的用户密码是散列，这是我正在努力的API的密码。

$ b $我想要一个相对简单的解释，请问这个怎么做，我已经阅读了一些类似于我的问题的帖子，但没有找到答案。我可以加密密码。

提前感谢

解决方案

p>我怀疑你的用户密码是加密的（至少我不希望），因为这意味着他们可以被解密（这是BAD的安全实践）。用户密码通常以单向方式散列（例如使用 password_hash ）

但是，使用您的API密码，您可以以双向方式进行加密，而不是散列。在这种情况下，PHP会为您提供 openssl_encrypt 和 openssl_decrypt 函数

I need to store a password in my MySql DB for use with an external company's API.

In my head all passwords should be hashed in a DB in case the website is hacked and the info is leaked onto the internet. However, if I hash the passwords how do I use them with the API which requires an email address & password to access?

User passwords for my website are hashed, it's the password for the API I'm struggling with.

I would like a relatively simple explanation of what to do with this please, I've read a few posts that seem similar to my question but haven't found an answer. I'm OK with encrypting passwords.

Thanks in advance.

解决方案

I doubt your user passwords are encrypted (at least I hope not) as that implies they can be decrypted (which is BAD security practice). User passwords are generally hashed in one-way fashion (for example using password_hash)

However, with your API password you have a genuine case for encrypting in two-way fashion and not hashing it. In that case PHP gives you the openssl_encrypt and openssl_decrypt functions

这篇关于为api安全地存储密码，无需加密的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！