在PHP中保护SMTP密码 [英] Secure a SMTP password in PHP

问题描述

我将在WordPress插件中使用phpmailer类来支持在我的电子邮件功能中使用SMTP。将密码存储在PHP代码中是否安全？我不愿意将登录名留在那儿，我感到百分百不满意。所以我的问题是：它足够安全吗？我如何轻松地使其更安全？我应该在数据库中将其哈希吗？我知道MD5并不是真的那么安全，但是我想它比将密码放入源代码中更好？

I'm going to use the phpmailer class in my WordPress-plugin to support the use of SMTP in my e-mail function. Is it safe to store the password in the PHP code? I don't feel 100% comfortable with leaving my login there. So my questions: Is it safe enough? How can I easily make it more secure; should I hash it in a database or something? I know MD5 isn't really that secure, but I guess it is better than putting the password in the source code?

推荐答案

从本质上讲，您不能这样做-而且这里有很多帖子都在说。但是，您可以对其进行混淆以使机会主义者远离。最直接的方法是将您的密码放在一个外部配置文件中（这可以帮助您避免明显的错误，例如将密码签入github）。您可以在某种程度上对其进行加密，但是在某些时候，您需要使用其他假定的秘密密钥对其进行解密，因此您回到了第一个方格。

Essentially you can't - and there are many posts on here saying exactly that. You can however obfuscate it to keep opportunists away. The most straightforward way is to put your password in an external config file (which helps you avoid obvious mistakes like checking your password into github). You can encrypt it to some extent, but at some point you need to decrypt it with some other supposedly secret key, so you're back at square one.

md5和sha1（或任何其他哈希函数）与该问题无关；哈希函数根本不适用于此用例。

md5 and sha1 (or any other hashing function) have nothing to do with this question; hash functions are simply not applicable to this use case.

这篇关于在PHP中保护SMTP密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！