为api安全地存储密码,无需加密 [英] storing a password securely for api without encrypting it
问题描述
我需要在我的MySql数据库中存储密码,以便与外部公司的API一起使用。
在我的头目中,所有密码都应该在数据库中散列,以防万一网站遭到黑客攻击,信息泄露到互联网上。但是,如果我将密码哈希,我该如何使用API,需要一个电子邮件地址&密码访问?
我的网站的用户密码是散列,这是我正在努力的API的密码。
$ b $我想要一个相对简单的解释,请问这个怎么做,我已经阅读了一些类似于我的问题的帖子,但没有找到答案。我可以加密密码。
提前感谢
p>我怀疑你的用户密码是加密的(至少我不希望),因为这意味着他们可以被解密(这是BAD的安全实践)。用户密码通常以单向方式散列(例如使用 password_hash )
但是,使用您的API密码,您可以以双向方式进行加密,而不是散列。在这种情况下,PHP会为您提供 openssl_encrypt 和 openssl_decrypt 函数
I need to store a password in my MySql DB for use with an external company's API.
In my head all passwords should be hashed in a DB in case the website is hacked and the info is leaked onto the internet. However, if I hash the passwords how do I use them with the API which requires an email address & password to access?
User passwords for my website are hashed, it's the password for the API I'm struggling with.
I would like a relatively simple explanation of what to do with this please, I've read a few posts that seem similar to my question but haven't found an answer. I'm OK with encrypting passwords.
Thanks in advance.
I doubt your user passwords are encrypted (at least I hope not) as that implies they can be decrypted (which is BAD security practice). User passwords are generally hashed in one-way fashion (for example using password_hash)
However, with your API password you have a genuine case for encrypting in two-way fashion and not hashing it. In that case PHP gives you the openssl_encrypt and openssl_decrypt functions
这篇关于为api安全地存储密码,无需加密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!