PHP登录密码问题
[英]PHP login password question
问题描述
我应该允许用户输入什么字符作为密码?
8 个解决方案
解决方案1
4 已采纳 2011-01-20 06:46:53
Whatever characters they like. 
他们喜欢什么字符。 Being told your password is too secure is simply annoying. 被告知您的密码太安全简直令人讨厌。
解决方案2
0
Theoretically, there is no restriction that you need to have. 从理论上讲,没有限制,你需要有。 But from programming ease point of view, I know that ' should not not allowed (mysql injection, etc but if code is written properly, it should not be a problem). 但从编程方便点,我知道, '不应该不允许(MySQL的注射等,但如果代码编写正确,它不应该是一个问题)。
解决方案3
0 2011-01-20 06:48:34
Depends on how much security you need. 取决于您需要多少安全性。 I say upper and lower case letters, numbers, and the majority of symbols (all the top-row symbols, plus question mark, comma, period and maybe a few others). 我说的是大写和小写字母,数字和大多数符号(所有顶行符号,加上问号,逗号,句号,也许还有其他一些符号)。
You should be as unrestrictive as possible. 您应该尽可能不受限制。 Let people use what characters they want. 让人们使用他们想要的字符。
解决方案4
0 2011-01-20 06:50:29
Any character they like, and any length they like (except maybe not over your PHP Post limit). 他们喜欢的任何字符,以及他们喜欢的任何长度(除非未超过PHP Post限制)。 In a good password system, you only store the hash, and when logging in, you only send the hash as well. 在一个好的密码系统中,您只存储哈希,登录时也只发送哈希。 So it shouldn't matter. 所以没关系。
And even if you store the password, you should escape any string you put in the database ( mysql_real_escape_string ), so any character could and should be allowed. 即使存储了密码,也应该转义输入数据库中的任何字符串( mysql_real_escape_string ),因此可以并且应该允许任何字符。 If you store the actual password, you could limit the length to the field size, which I think should be at least 200 chars in that case. 如果您存储实际密码,则可以将长度限制为字段大小,在这种情况下,我认为应该至少为200个字符。
解决方案5
0 2011-01-20 06:51:03
I think you should deside what character set you are using, and limit it only to that. 我认为您应该放弃正在使用的字符集,并且仅将其限制于此。 So if you are not using UTF8 but eg ISO-8859-1, you don't want them writing multi-byte characters. 因此,如果您不是使用UTF8,而是使用ISO-8859-1,则不要让他们写多字节字符。
解决方案6
0 2011-01-20 06:56:03
标准en-US键盘上可用的任何东西都很好。
解决方案7
0 2011-01-20 07:40:54
You can allow any characters to be inserted in the password. 您可以允许在密码中插入任何字符。 Please ensure that you validate the input to prevent MySQL Injection - if encryption is not used. 请确保您验证输入以防止MySQL注入-如果未使用加密。 It's advisable to encrypt the passwords by using at least MD5() or SHA1(). 建议至少使用MD5()或SHA1()来加密密码。
解决方案8
0 2011-01-20 11:13:06
I think the should be allowed to enter every letter they want. 我认为应该允许输入他们想要的每个字母。 But you should enforce a proper length for the password to make it more secure. 但是您应该为密码设置适当的长度,以使其更加安全。 Also I would advise you to use federated login if you could: 如果可以,我也建议您使用联合登录:
- openid: lightopenid is a really easy library. openid:lightopenid是一个非常简单的库。
- facebook connect Facebook的连接
- twitter single sign-in Twitter单点登录
These alternatives are going to be way securer . 这些替代方案将是方式保证器 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.