
How to store username passwords in PHP Script file secure

Be clear: This question is not about password encryption/hashing to save into a database.

I have developed a PHP application for a client. The application is installed on the client machine with XAMPP (placed at htdocs/project_name). The client uses that application locally, but the local database is synchronized with a remote MySQL database by an Export Report button available on the web interface.
My concern is that when I store a connection string for the remote database in my PHP code, the username and password are visible to anyone who can hunt down the PHP script file and view it. I don't even want the client to be able to view the passwords used for remote connection/synchronization.
How can I achieve this?

You want to give the user permission (login data) to connect to the database but at the same time not give him permission (login data). The only thing that comes to my mind is to store the login data corrupted, and in code decrypt this data with some key hardcoded in the script. This is hackable, but if the user is not a programmer he is unlikely to do this.

If you accept Kerckhoffs's principle, then it is impossible to provide an authentication which is available to a program run by a user without making that token available to the user. If you provided a better description of the problem, specifically the modes of operation you are trying to prevent, then we might be able to provide effective solutions (e.g. encapsulating all data access in packages would restrict access to data for specific users).
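
The second answer's suggestion of encapsulating data access can be approximated on the remote MySQL server with a stored procedure and an execute-only account, so that the credential shipped inside the PHP script can do nothing except submit report rows. This is an added example, not part of the original question or answers; the database `reports`, table `sales_report`, procedure `submit_report_row`, account `sync_client_042` and the password placeholder are all hypothetical, and the report columns are assumed.

```sql
-- Added example: run on the REMOTE server as an administrator.
-- All object and account names below are hypothetical.
CREATE DATABASE IF NOT EXISTS reports;
USE reports;

CREATE TABLE IF NOT EXISTS sales_report (
    id           BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
    submitted_by VARCHAR(32)   NOT NULL,  -- filled in by the server, never by the caller
    report_date  DATE          NOT NULL,
    amount       DECIMAL(12,2) NOT NULL,
    received_at  TIMESTAMP     NOT NULL DEFAULT CURRENT_TIMESTAMP,
    UNIQUE KEY uq_submitter_day (submitted_by, report_date)
);

-- DELIMITER is a mysql command-line client directive, not server SQL.
DELIMITER //
CREATE PROCEDURE submit_report_row(
    IN p_report_date DATE,
    IN p_amount      DECIMAL(12,2)
)
SQL SECURITY DEFINER   -- body runs with the definer's rights, not the caller's
BEGIN
    -- Reject implausible rows before they reach the table.
    IF p_amount < 0 OR p_report_date > CURRENT_DATE THEN
        SIGNAL SQLSTATE '45000' SET MESSAGE_TEXT = 'report row rejected';
    END IF;

    -- USER() is the connected account even inside a DEFINER routine
    -- (CURRENT_USER() would be the definer), so one client installation
    -- cannot write rows under another installation's name.
    INSERT INTO sales_report (submitted_by, report_date, amount)
    VALUES (SUBSTRING_INDEX(USER(), '@', 1), p_report_date, p_amount)
    ON DUPLICATE KEY UPDATE amount = p_amount;
END//
DELIMITER ;

-- One account per client installation, TLS required, no table privileges.
CREATE USER 'sync_client_042'@'%'
    IDENTIFIED BY 'REPLACE_WITH_UNIQUE_PER_CLIENT_SECRET'
    REQUIRE SSL;
GRANT EXECUTE ON PROCEDURE reports.submit_report_row TO 'sync_client_042'@'%';

-- Verify: expect only USAGE plus EXECUTE on the one procedure.
SHOW GRANTS FOR 'sync_client_042'@'%';
```

The PHP export code then connects as `sync_client_042` and issues `CALL submit_report_row(?, ?)` through a prepared statement. Anyone who reads the password out of the script can still only call that one procedure, and the account can be dropped or rotated per client without touching the others.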
