如何在PHP中保护数据库密码？ [英] How to secure database passwords in PHP?

问题描述

当PHP应用程序进行数据库连接时，它通常需要传递登录名和密码。如果我对我的应用程序使用单一，最小权限登录，那么PHP需要知道登录和密码在某个地方。确保密码的最佳方法是什么？它似乎只是写在PHP代码是不是一个好主意。

When a PHP application makes a database connection it of course generally needs to pass a login and password. If I'm using a single, minimum-permission login for my application, then the PHP needs to know that login and password somewhere. What is the best way to secure that password? It seems like just writing it in the PHP code isn't a good idea.

推荐答案

几个人误解为一个问题如何在数据库中存储密码。那是错的。

Several people misread this as a question about how to store passwords in a database. That is wrong. It is about how to store the password that lets you get to the database.

通常的解决方法是将密码从source-代码转换为配置文件。然后将管理和保护该配置文件保留给系统管理员。这样开发人员不需要知道任何关于生产密码的信息，并且在源代码控制中没有密码记录。

The usual solution is to move the password out of source-code into a configuration file. Then leave administration and securing that configuration file up to your system administrators. That way developers do not need to know anything about the production passwords, and there is no record of the password in your source-control.

这篇关于如何在PHP中保护数据库密码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！