如何编写需要身份验证的网络服务 - PHP [英] how to write webservice which needs authentication - PHP

问题描述

我想为 PHP 编写一个受黑客保护的 Web 服务.谁能给我一个例子如何写?如何发送身份验证标头以及如何在 Web 服务中对其进行管理?

I want to write a hacking protected web services for PHP. Can anyone give me a example how to write that? How to send the authentication headers and how to manage it in the web service?

非常感谢，
天真

Many Thanks,
Naveed

推荐答案

首先.切勿编写自己的身份验证.

First. Never write your own authentication.

第二.避免痛苦并使用 https 为您提供服务.它为身份验证提供了更多既简单又安全的选项.OAuth 2、客户端 SSL 证书 甚至是普通的旧基本 HTTP 身份验证都是选项，如果您要强制执行 https.即使您自己进行令牌传递，您也可能希望通过 SSL 进行传递.

Second. Save yourself the pain and serve your service up using https. It opens a lot more options for authentication that are both simple and secure. OAuth 2, Client Side SSL Certificates and even plain old Basic HTTP authentication are options if you are enforcing https. Even if you're doing your own token passing, you'll probably want to do so over SSL.

如果 https 不是一个选项，您可以考虑 的早期版本不需要 SSL 的 OAuth.

If https isn't an option, you can consider earlier versions of OAuth that don't require SSL.

这篇关于如何编写需要身份验证的网络服务 - PHP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！