如何在PHP中保护硬编码的登录名/密码? [英] How do I secure a hardcoded login/password in PHP?

问题描述

我正在编写一个简单的PHP脚本来访问Foursquare API. PHP将始终访问相同的Foursquare帐户.目前，我的登录信息已硬编码在脚本中.保护此信息的最佳方法是什么?

I'm writing a simple PHP script to access the Foursquare API. The PHP will always access the same Foursquare account. For the time being, I have this login information hardcoded in my script. What is the best way to secure this information?

如果我遵循此线程的建议，则应将登录信息放在网站根目录之外的配置文件中: 如何在PHP中保护数据库密码?

If I follow the advice from this thread, I should just place the login information in a config file outside the website's root directory: How to secure database passwords in PHP?

这是最好的建议吗?还是有更好的方法来保护登录信息?

Is this the best advice? Or is there a better way to secure the login information?

推荐答案

当然，最好的方法是根本不存储它.

The best way, of course, would be to not store it at all.

如果您不能这样做，请将其存储在PHP文件中(作为变量)应确保不会将其发送到客户端.如果您真的对Web服务器突然停止解释PHP感到疑惑，可以将其放在文档根目录之外或访问被拒绝的地方(例如，通过.htaccess指令)的单独文件中.

If you can't do that, storing it inside a PHP file (as variables) should ensure it's not going to be sent to the client side. If you're really paranoid about your web server suddenly stopping to interpret PHP, you can put it in a separate file, outside the document root, or where access is denied (through a .htaccess directive, for instance).

这篇关于如何在PHP中保护硬编码的登录名/密码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！