如何在没有数据库的情况下存储密码(PHP)?
[英]How to store a password without a database (PHP)?
问题描述
I would like to have a page that requires a password to login, but without a dataabase. 
我想有一个页面需要密码登录,但没有数据库。
I was thinking of having it hard coded in the page, ie: 我想在页面中对其进行硬编码,即:
$password = "something"
Or encrypt it and store it in a text file? 或加密并将其存储在文本文件中?
Any advice is appreciated. 任何建议表示赞赏。
4 个解决方案
解决方案1
4 已采纳 2011-01-22 03:21:57
You could use PHP's md5 encryption libraries to encrypt the password and then store it in the text file. 您可以使用PHP的md5加密库来加密密码,然后将其存储在文本文件中。 Since md5 isn't reversible, the password would be secure. 由于md5不可逆,因此密码是安全的。
You definitely do not want to store in plain text. 你绝对不想以纯文本存储。
You could also store the password in the PHP file, but using the encrypted hash. 您也可以将密码存储在PHP文件中,但使用加密的哈希值。 The advantage of the file is that the data is separated from the business logic, which can make adding a database or the ability to use multiple users/passwords slightly easier. 该文件的优点是数据与业务逻辑分离,这可以使添加数据库或稍微更容易使用多个用户/密码的能力。
UPDATE : If you store the password in plain text in the PHP script unencrypted, anyone who hacks your server or has access to the server can read the contents of your plain-text PHP files. 更新 :如果您以未加密的PHP脚本以纯文本格式存储密码,任何攻击您的服务器或有权访问服务器的人都可以读取纯文本PHP文件的内容。
解决方案2
4 2011-01-22 03:22:30
If it is not going to be in a database, I'd be inclined to store it in a text file that is outside of the servers webroot. 如果它不在数据库中,我倾向于将它存储在服务器webroot之外的文本文件中。 If you store it in the php script, and something happens to the server configuration, it is possible the php script could be served up in plain text, rather than being parsed through php, so the password would be visible. 如果你将它存储在php脚本中,并且服务器配置发生了某些事情,那么php脚本可能以纯文本形式提供,而不是通过php解析,因此密码是可见的。 Granted, under normal circumstances, this would not be very likely to happen, but it is a possible risk. 当然,在正常情况下,这不太可能发生,但这可能存在风险。 Encrypting it may help, but you'll also have to have the decryption key stored someplace, so it would only be a slight inconvenience for someone to decrypt it. 对它进行加密可能有所帮助,但您还必须将解密密钥存储在某个地方,因此对某人进行解密只会带来轻微的不便。 It might be better to store the password in hashed format (eg MD5 or SHA-1), hash the password the user enters using the same method, and then compare the hashes. 以密码格式(例如MD5或SHA-1)存储密码可能更好,使用相同的方法散列用户输入的密码,然后比较散列。
解决方案3
3 2011-01-22 03:22:59
You can do either of those. 你可以做其中任何一个。 Just be sure to store a hash of the password, not the real one for security. 只需确保存储密码的哈希值,而不是真正的密码哈希值。 Here's and extremely simple example. 这是非常简单的例子。
<?
if(md5($_REQUEST['password']) == 'md5ofyourpasswordHERE'){
//do your logged in page stuff here.
} else {
//kick them out or tell them to resupply password.
}
?>
You can also check the username, if that's important to you. 您也可以检查用户名,如果这对您很重要。
Hope that helps! 希望有所帮助!
解决方案4
1 2011-01-22 03:23:37
if you want to store in text file or hardcoded in php script I will recomended to hash it 如果你想存储在文本文件中或硬编码在PHP脚本中我会建议哈希它
- first
echo sha1('your password');第一个echo sha1('your password'); - result string (not readeable) copy and paste in script or text file 结果字符串(不可重定向)复制并粘贴在脚本或文本文件中
- when compare use
if ( sha1($password) == '543f3fc32c232c32') ...当比较使用if ( sha1($password) == '543f3fc32c232c32') ...
you can use also md5 for hashing 你也可以使用md5进行散列
Both methods are one way encripting so "make sure you will remember your password" 这两种方法都是一种编写方式,所以“确保你会记住你的密码”
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.