如何安全地在PHP代码中存储密码? [英] How to safely store a password inside PHP code?

问题描述

如何在PHP代码中输入密码，并确保没有人在浏览器中查看该页面?

How can I have a password inside PHP code and guarantee that no one viewing the page in the browser can retrieve it?

是否:<?php $password = 'password' ?>足够?有没有更好，更安全的方法?

Is: <?php $password = 'password' ?> enough? Is there a better, more secure way of doing this?

推荐答案

这取决于要存储的密码的类型.

That depends on the type of passwords you want to store.

• 如果要存储密码以进行比较，例如具有一个$users数组，那么哈希就是要走的路. sha1 ， md5 或其他任何风味(这是概述)

• If you want to store passwords to compare against, e.g. having an $users array, then hashing is the way to go. sha1, md5 or any other flavor (here’s an overview)

添加盐可以提高安全性，因为相同的密码会不会产生相同的哈希值

Adding a salt accounts for additional security, because the same password will not result in the same hash

更新: password_hash 使用经过多次加盐处理的加盐的强力单向哈希.

Update: password_hash uses a salted, strong one-way hash with multiple rounds.

如果您想存储密码以连接到数据库等其他资源:如果将密码存储在文档根目录之外(即浏览器无法访问)，则最安全.如果不可能，则可以使用.htaccess文件拒绝来自外部的所有请求

If you want to store passwords to connect to other resources like a database: you’re safest if you store your passwords outside your document root, i.e. not reachable by browsers. If that's not possible, you can use an .htaccess file to deny all requests from outside

这篇关于如何安全地在PHP代码中存储密码?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！