如何在根目录之外使用文件 [英] How to use a file outside the root directory

问题描述

我有一个文本文件sec_pwds.txt.在此文件中，我存储了站点成员的用户名和密码.现在，出于安全考虑，我想将此文件放在根目录之外.
我的问题是
如果我将此文件放在根目录之外，那么如何使用PHP在我的站点中使用此文件中的密码和用户名.

I have a text file sec_pwds.txt. In this file I have stored the username and passwords of my site members. Now, I want to put this file outside the root directory for security purpose.
My Question is
If I put this file outside the root directory, How can I use the passwords and usernames from this file in my site using PHP.

推荐答案

即使保留用户名和密码在某些无法访问的文件中似乎是个好主意，无需在任何地方以非加密形式保存任何密码.没有人需要密码(没有人应该看到密码，开发人员是管理员-没有人).稍加思考，您便会了解到身份验证永远不需要原始密码.

仅存储加密的密码a，并使用相同的算法对发布的密码进行加密，然后将加密与加密进行比较.

—SA

Even though keeping usernames and passwords in some inaccessible files seems to be a good idea, there is no need to keep any passwords in non-encrypted form anywhere. Nobody needs passwords (and nobody should ever see it, developer is administrator — nobody). It you think about it just a bit, you will understand that the original passwords never needed for authentication.

Store only encrypted passworda and encrypt posted password using the same algorithm and compare encrypted with encrypted.

—SA

如SA所建议，仅使用相同算法存储加密的密码和加密发布的密码，并比较加密与加密".您可以使用 MCrypt 进行加密.

请参考此 [

As suggested by SA "Store only encrypted password and encrypt posted password using the same algorithm and compare encrypted with encrypted." You can use MCrypt for encryption.

Refer This[^] for its implementation.
I would prefer to store the password in database rather than storing it in a text file.

hope it helps :)

这篇关于如何在根目录之外使用文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！