PHP安全 - 密码和凭据管理? [英] PHP security - password and credentials management?
问题描述
在网站上阅读文章后,我变得非常担心我自己的服务器的安全性。
After reading through an article on a site, I became really worried for my own server's security...
在一个PHP文件里面,所有我的主要php页面显示给用户,我的用户名和密码(在我的网站上使用 - 服务器根,mysql根等)插入纯文本...有什么需要担心的吗?任何人都可以阅读php文件(比如下载并阅读它,而不是让服务器执行它)?
Inside a PHP file, which is later on included on all my main php pages that get showed to users, my username and password (used all over my website - server root, mysql root etc) are inserted in plain text... is there anything to worry about? can anyone read the php file (like download it and read it instead of having the server execute it)?
是否有可能使我的用户名和密码被盗?它们是向变量赋值的简单文本字段。
Is there any risk of having my username and password stolen? they are simple text fields giving values to variables.
如果是,是否有任何解决方案,您会建议?像一个加密引擎?或者什么?
If so, is there any solution that you would suggest? like a crypto engine? or something?
提前感谢
推荐答案
存储您的配置文件包含您公开可访问的根文件夹之外的用户名和密码。
Store your configuration file containing usernames and passwords outside of your publicly-accessible root folder.
例如,如果您的根文件夹是 / home / username / public_html / 然后将配置文件存储在 / home / username / 中。
For example, if your root folder is /home/username/public_html/ then store the config file in /home/username/.
你还可以将配置文件包含在运行在 public_html 中的PHP脚本中,但是应该有任何错误(即您的Web服务器开始打印PHP脚本内容而不是处理脚本),那么您的用户名和密码应该仍然是安全的。
You can still include the config file in your PHP scripts running in public_html but should anything go awry (i.e. your web server starts printing PHP script contents rather than processing scripts) then your usernames and passwords should still be safe.
这篇关于PHP安全 - 密码和凭据管理?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
