How can I have a password inside PHP code and guarantee that no one viewing the page in the browser can retrieve it?
Is:
As suggested, store the password as a SHA1 hash, salted and peppered:
<?php
// Fixed salt and pepper; the plaintext password is never stored.
function hashedPassword($plainPassword) {
    $salt = '1238765&';
    $pepper = 'anythingelse';
    return sha1($salt . sha1($plainPassword . $pepper));
}
and then compare the two values ($stored holds the hash you computed earlier and saved):
if ($stored === hashedPassword('my password')) {
    ...
}
And if you can't store your hashed passwords outside of the server root, remember to instruct Apache to forbid access to that file, in your .htaccess file:
Order Deny,Allow
Deny from all
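As an added example (not code from the answer above), the sha1 salt-and-pepper scheme written out next to the hardened form a practitioner would use today: PHP's built-in password_hash()/password_verify(), which generates a random per-user salt and a slow hash, with the pepper applied as an HMAC key and read from outside the code. The environment variable name APP_PEPPER and all sample values are assumptions.

```php
<?php
// Added example; constructed values throughout.

// 1. The answer's scheme: fixed salt and pepper, two rounds of sha1.
//    Weak points: sha1 is fast (cheap to brute-force offline), the salt is
//    shared by every user, and === on hash strings is not constant-time.
function hashedPassword(string $plainPassword): string {
    $salt = '1238765&';
    $pepper = 'anythingelse';
    return sha1($salt . sha1($plainPassword . $pepper));
}

// 2. Hardened form. The pepper is applied with HMAC-SHA256 (hex output,
//    64 bytes, safely under bcrypt's 72-byte input limit and free of NUL
//    bytes), then password_hash() adds its own random salt and cost factor.
function pepperedPassword(string $plainPassword, string $pepper): string {
    return hash_hmac('sha256', $plainPassword, $pepper);
}

function makeHash(string $plainPassword, string $pepper): string {
    return password_hash(pepperedPassword($plainPassword, $pepper), PASSWORD_BCRYPT, ['cost' => 12]);
}

function checkPassword(string $plainPassword, string $storedHash, string $pepper): bool {
    // password_verify() reads the salt/cost from the stored hash and
    // compares in constant time; no === on hash strings.
    return password_verify(pepperedPassword($plainPassword, $pepper), $storedHash);
}

// The pepper belongs outside the web root (env var, config file Apache
// cannot serve), never as a literal in a .php file. Assumed name: APP_PEPPER.
$pepper = getenv('APP_PEPPER') ?: 'constructed-demo-pepper';

$stored = makeHash('my password', $pepper);           // save this, not the password
var_dump(checkPassword('my password', $stored, $pepper));
var_dump(checkPassword('wrong password', $stored, $pepper));
// Same password hashed twice gives different strings (random salt), so
// stored hashes must be checked with checkPassword(), never compared directly.
var_dump($stored === makeHash('my password', $pepper));
```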