如何安全地在PHP代码中存储密码? [英] How to safely store a password inside PHP code?
问题描述
如何在PHP代码中输入密码,并确保没有人在浏览器中查看该页面?
How can I have a password inside PHP code and guarantee that no one viewing the page in the browser can retrieve it?
是否:<?php $password = 'password' ?>
足够?有没有更好,更安全的方法?
Is: <?php $password = 'password' ?>
enough? Is there a better, more secure way of doing this?
推荐答案
这取决于要存储的密码的类型.
That depends on the type of passwords you want to store.
If you want to store passwords to compare against, e.g. having an
$users
array, then hashing is the way to go.sha1
,md5
or any other flavor (here’s an overview)
添加盐可以提高安全性,因为相同的密码会不会产生相同的哈希值
Adding a salt accounts for additional security, because the same password will not result in the same hash
更新: password_hash
使用经过多次加盐处理的加盐的强力单向哈希.
Update: password_hash
uses a salted, strong one-way hash with multiple rounds.
如果您想存储密码以连接到数据库等其他资源:如果将密码存储在文档根目录之外(即浏览器无法访问),则最安全.如果不可能,则可以使用.htaccess
文件拒绝来自外部的所有请求
If you want to store passwords to connect to other resources like a database: you’re safest if you store your passwords outside your document root, i.e. not reachable by browsers. If that's not possible, you can use an .htaccess
file to deny all requests from outside
这篇关于如何安全地在PHP代码中存储密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!