如何在PHP应用程序中加密我的数据? [英] How should I encrypt my data in a PHP application?
问题描述
这是警告说的,只是为了记录:
不要在应用程序代码中嵌入明文凭据。这样做
是不安全的,不符合最佳做法。您的API凭据必须是
安全地处理。请考虑加密它们以用于任何
生产环境,并确保只有授权的个人
可以查看或修改它们。
提前感谢
首先,设置加密密钥:
$ key ='yourpasswordhere';
$ string ='这里的机密信息'; //注意空格
将其加密到数据库条目或另一个文件中,并将加密的字符串存储在文件本身:
$ encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256,md5($ key)),$ string,MCRYPT_MODE_CBC,md5 MD5($键))));
var_dump($ encrypted); //ey7zu5zBqJB0rGtIn5UB1xG03efyCp + KSNR4 / GAv14w =
稍后解密:
$ decryptpted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256,md5($ key)),base64_decode($ encrypted),MCRYPT_MODE_CBC,md5(md5($ key))) \0);
var_dump($ decryptpted); //机密信息
I was trying to use the Paypal PHP SDK and I noticed a warning that says I should encrypt my API username and password for use in production environments. I do agree on this statement, but I'm wondering how I should go about doing that. I currently have no clue.
Here's what the warning says, just for the record:
Do not embed plaintext credentials in your application code. Doing so is insecure and against best practices. Your API credentials must be handled securely. Please consider encrypting them for use in any production environment, and ensure that only authorized individuals may view or modify them.
Thanks in advance.
First, set an encryption key:
$key = 'yourpasswordhere';
$string = ' confidential information here '; // note the spaces
Encrypt it on DB entry or from another file and only store the encrypted string in the file itself:
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));
var_dump($encrypted); // "ey7zu5zBqJB0rGtIn5UB1xG03efyCp+KSNR4/GAv14w="
Decrypt it later:
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
var_dump($decrypted); // " confidential information here "
这篇关于如何在PHP应用程序中加密我的数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!