Joomla ::在身份验证桥的会话中存储纯文本密码是否安全?
[英]Joomla:: Is it safe to store plaintext passwords in session for authentication bridge
问题描述
I'm working on a plugin and component for Joomla 3+, and they will be used to interface with an API that requires the plaintext password to be passed via an HTTPS REST URL. 
我正在为Joomla 3+开发插件和组件,它们将用于与需要通过HTTPS REST URL传递纯文本密码的API进行接口。 I don't want the users to log on multiple times, so I'm wondering if I can ( SAFELY ) store their passwords in a plain text session. 我不希望用户多次登录,所以我想知道是否可以( 安全 )将他们的密码存储在纯文本会话中。
Basically like this... 基本上像这样
Authentication Plugin: 身份验证插件:
function onUserAuthenticate($credentials, $options, &$response) {
$session = JFactory::getSession();
$session->set('plainpassword', $credentials['password']);
.....
}
Component model: 组件型号:
public function getItems() {
$session = JFactory::getSession();
$plainpassword = $session->get('plainpassword');
.....
}
I could randomize the session name, but is there anything else I should be aware of? 我可以将会话名称随机化,但是还有什么我需要注意的吗?
Any insights would be greatly appreciated! 任何见解将不胜感激!
1 个解决方案
解决方案1
0 已采纳 2014-10-03 02:31:12
正如Elin所建议的,我最终将加密的密码保存到临时表中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.