如何在php中显示原始密码? [英] How to display original password in php?
本文介绍了如何在php中显示原始密码?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我在注册时已将md5密码插入数据库表。我有一个profile.php页面,显示他/她在注册时输入的用户数据。问题是我的个人资料页面显示md5哈希的用户密码,我想显示他们的原始密码。我怎样才能做到这一点?我不想在没有md5的情况下存储密码。请帮助。
I have inserted a md5 password to my database table during registration. I have a my profile.php page which display user data that he/she entered when register. Problem is my profile page displaying user password with md5 hashed and i want to display their original password. How can i do this? I dont want to store password without md5. Help please.
推荐答案
不仅不应该显示原始密码,也不应该存储在任何地方。身份验证绝对不需要存储密码。您应该了解的一种可能性是使用加密哈希函数。但是这样的功能不应该是MD5,甚至不是SHA-1。发现此类算法易受攻击,不应用于安全目的。但你可以使用SHA-2系列中的一个; SHA2算法在.NET FCL中实现。请参阅:
http://en.wikipedia.org/wiki/Cryptographic_hash_function [< a href =http://en.wikipedia.org/wiki/Cryptographic_hash_functiontarget =_ blanktitle =New Window> ^ ],
http://en.wikipedia.org/wiki/Md5 [ ^ ],
http://en.wikipedia.org/wiki/Sha-1 [ ^ ],
http://en.wikipedia.org / wiki / Sha-2 [ ^ ] ,
http://msdn.microsoft.com /en-us/library/system.security.cryptography.hashalgorithm.aspx [ ^ ]。
关于密码和身份验证的问题,请参阅我过去的答案:
我已经加密了我的密码,但是当我登录时给了我一个错误。如何解密 [ ^ ] ,
使用用户名和密码进行TCP连接 [ ^ ],
解密加密密码 [ ^ ],
以安全的方式存储密码值int sql server [ ^ ]。
-SA
Not only an original password should never be displayed, it should never be stored anywhere. Authentication absolutely does not require storing a password. One possibility you should know about is the use of cryptographic hash functions. But such function should not be MD5, and not even SHA-1. Such algorithms found to be vulnerable and should not be used for security purposes. But you can use one from the SHA-2 family; SHA2 algorithms are implemented in .NET FCL. Please see:
http://en.wikipedia.org/wiki/Cryptographic_hash_function[^],
http://en.wikipedia.org/wiki/Md5[^],
http://en.wikipedia.org/wiki/Sha-1[^],
http://en.wikipedia.org/wiki/Sha-2[^],
http://msdn.microsoft.com/en-us/library/system.security.cryptography.hashalgorithm.aspx[^].
On the problem of passwords and authentication, please see also my past answers:
i already encrypt my password but when i log in it gives me an error. how can decrypte it[^],
TCP Connection with username and password[^],
Decryption of Encrypted Password[^],
storing password value int sql server with secure way[^].
—SA
这篇关于如何在php中显示原始密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
