如何不硬编码密码? [英] How to not hardcode passwords?
问题描述
在我的最后一个问题用于存储机密的便携式数据库"最佳答案直到现在告诉使用sqlite-crypt.
In my last question "Portable database for storing secrets" the best answer until now tell to use sqlite-crypt.
阅读 sqlite-crypt 文档,打开数据库的新参数是密码短语.当然,我不想对密码进行硬编码,所以我在想存储该密码的最佳、简单和快速的方法是什么?
Reading sqlite-crypt docs, the new param for open the database is the pass-phrase. Of course, I don't want hardcode the password, so I was thinking what the best, simple and fast method to store that password?
推荐答案
一些选项.
向用户询问密码(也就是他们记住一个密码以获取所有密码)(好主意)
Ask the user for a passkey (aka they memorize one password to get to all their password) (good idea)
在应用程序第一次启动时创建一个密钥,然后以您自己独特的方式对其进行散列(坏主意)
Create a key on the first startup of the app, which is then hashed in your own unique way (bad idea)
混合使用上述方法,也就是给用户一个或两个选项(记住我的密码复选框)
Use a mixture of the above, aka give users the options of one, or two (remember my password checkbox)
这篇关于如何不硬编码密码?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!