发表新帖
发表新帖

How to safely store a password inside PHP code?

前端 未结
关注
11 1906
轮回少年
轮回少年 2020-12-11 04:12

How can I have a password inside PHP code and guarantee that no one viewing the page in the browser can retrieve it?

Is:

11条回答
  • 温柔的废话
    温柔的废话 (楼主)
    2020-12-11 04:46

    That depends on the type of passwords you want to store.

    • If you want to store passwords to compare against, e.g. having an $users array, then hashing is the way to go. sha1, md5 or any other flavor (here’s an overview)

      Adding a salt accounts for additional security, because the same password will not result in the same hash

      Update: password_hash uses a salted, strong one-way hash with multiple rounds.

    • If you want to store passwords to connect to other resources like a database: you’re safest if you store your passwords outside your document root, i.e. not reachable by browsers. If that's not possible, you can use an .htaccess file to deny all requests from outside

    0 讨论(0)
 看不清?
提交回复
热议问题