JSON与数据库 [英] JSON vs DATABASE

问题描述

最近，我不得不制作一个应用程序，以后必须将其上载到多个Web服务器.这样做，我意识到当将管理员密码和用户名存储到json文件中时，不需要数据库连接，因此它始终有效.另外，当将配置保存在json中时，我可以将应用程序复制到Web服务器，然后转到浏览器进行配置.

Recently I had to make an application that later on had to be uploaded to multiple web-servers. Doing this I realized that when storing the admin pass and username's into a json file does not need a db connection so it works all the time. Also when saving the configuration inside json I can just copy my application to web-server and then just go to the browser to do the configuration.

为此使用数据库时，我必须配置此硬编码.比db连接将在connect.php或config.php中声明.上载应用程序时，因为没有数据库连接，所以无法使用它.而且我无法从应用程序内部设置db连接，因为即使我能像密闭汽车内的一把汽车钥匙一样，也无法登录.

When using a database for this I have to configure this hard coded. Than the db connection would be declared inside a connect.php or config.php. When uploading the application I can't use it because there is no db connection. And I cant set A db connection from within the application itself because I can't login even if I could it would be like a car-key inside a closed car.

我的两难选择:这是正确的方法吗?这是节省的方法吗?这是有效的方法吗?首先，你们是如何做到的.

My dilemma: Is this the right way, is this save, is this efficient and above all how did you guys do this.

存储管理员登录名和配置数据的最佳方法是什么

What is the best way to store admin login and configuiration data

推荐答案

Lynks是正确的，这很常见，并且比在源代码管理中输入密码要好，但是，如果这是您正在设计的生产系统，我强烈建议建议使用其他机制进行用户身份验证.

Lynks is correct that this is common and is better than having the password in your source control, however if this is a production system that you are designing, I strongly recommend using a different mechanism for user authentication.

大多数数据库将允许您使用本地系统用户和组，或外部LDAP来管理用户凭据.大多数应用服务器也将为此提供机制，这不是一个新问题.某些系统允许您为受信任的用户创建安全密钥(如SSH密钥)，以允许无密码登录.

Most databases will allow you to use local system users and groups, or external LDAPs to manage your user credentials. Most application servers will have mechanisms for this as well, this is not a new problem. Some systems will allow you to create secure keys (like SSH keys) for trusted users to allow password-less login.

BAD IDEA在生产系统上的任何地方都具有清晰的密码，至少使用有损哈希方法对其进行加扰.请记住，一旦您处理了密码，作为设计人员和开发人员的职责就是尽最大努力确保密码的安全.在决定简单的解决方案之前，请先评估您的所有选择，否则可能会给您和您的客户带来严重的尴尬.您正在使用什么技术?也许我们可以帮助您找到可用的选项.

Having passwords in clear anywhere on a production systems is a BAD IDEA, at least use a lossy hashing method to scramble it. Remember as soon as you are dealing with passwords it is YOUR responsibility as a designer and developer to make your best effort to keep it safe. Please evaluate all your options before deciding on the easy solution that could cost you and your customer serious embarrassment later. What technologies are you using? Maybe we can help you find the options available to you.

请记住，没有什么可以完全隔离.例如，即使这不是关键系统，很多地方也会使用某种特定的密码模式，这将为潜在的黑客提供黑客入侵其他帐户的线索.如果您管理多个用户的密码，则很多用户在许多事情上都使用相同的密码.

Remember, nothing lives in total isolation. For example even if this is not a critical system, a lot of places will use a certain pattern for passwords which will give potential hackers a clue for hacking other accounts. If you manage passwords for multiple users, some users use the same password for a lot of things.

这篇文章不是讲课，而是恳请您确保您探索所有可用的途径，以保持声誉和客户安全.将其视为挑战或困惑，并享受解决它的乐趣.

This post is not meant as a lecture but a plea for you to make sure you explore all avenues available to you to keep you reputation and your customer safe. Think of it as a challenge, or puzzle and have fun tackling it.

这篇关于JSON与数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！