如何使用PHP加密此文件?
[英]How to encrypt this file with PHP?
问题描述
I have a php page (just one page - consist of security information and validation) that I want to create an encryption on it, actually in this case I don't have any DB to save data, so I must put the username and password on itself! 
我有一个php页面(仅一页-由安全信息和验证组成),我想在其上创建加密,实际上在这种情况下,我没有任何数据库可以保存数据,因此必须输入用户名和密码本身!
the question is how can I encrypt or hide username and pass in this file and how to check the validation for login ? 问题是如何加密或隐藏用户名并传递此文件,以及如何检查登录验证?
this page must be very secure, till if it lost, they can't access it? 此页面必须非常安全,直到丢失为止,他们将无法访问它?
I check the md5 method for username & Password but how can I hide it on the file :( 我检查了md5方法中的用户名和密码,但是如何将其隐藏在文件中:(
please help me because it's very important to me! 请帮助我,因为这对我非常重要! Thanks a lot ... 非常感谢 ...
2 个解决方案
解决方案1
2 2011-12-24 18:48:01
Hard-coding the password in the PHP file is not per se a huge security issue, as someone would need to access the PHP file anyway to read it: if someone gained access to your PHP files you would have a much bigger problem than your lost password. 在PHP文件中对密码进行硬编码本身并不是一个很大的安全问题,因为无论如何,有人都需要访问PHP文件才能读取它:如果有人可以访问您的PHP文件,那么您面临的问题要比丢失的问题大得多。密码。
However, avoid: 但是,请避免:
- storing the password in clear text, save an hash instead. 以明文形式存储密码,请保存哈希。
- storing the password in JS files, as the source of JS files is accessible by the client 将密码存储在JS文件中,因为客户端可以访问JS文件的源
There are different types of hashes, I would suggest not to use MD5, especially if your password is not very complex. 哈希有多种类型,我建议不要使用MD5,特别是如果您的密码不是很复杂的话。 Sites like this hold databases of MD5 hashes, so your hash could easily be cracked. 像网站这样 MD5哈希保存的数据库,这样你的哈希很容易被破解。 Use something a bit more secure, like SHA256. 使用更安全的东西,例如SHA256。
NOTE: obviously whoever owns the server has the physical access to your files and DB, but if you stored the hash you should be fine. 注意:显然,拥有服务器的任何人都可以物理访问您的文件和数据库,但是如果存储了哈希,就可以了。 If you are really concerned about the possibility that whoever owns the server has a look through your "secure" stuff, you shouldn't be using a shared server as a start. 如果您真的很担心拥有服务器的人有可能浏览您的“安全”资料,那么您不应该以共享服务器为起点。
解决方案2
1 2011-12-24 18:27:13
- Store username/password in a variable/array inside the PHP file. 将用户名/密码存储在PHP文件内的变量/数组中。 Only people with access to your server can see the username then. 这样,只有有权访问您服务器的人员才能看到用户名。
- Storing the information in a file with a strange filename together with a hash algorithm + salt is also a possibility. 将信息与奇怪的文件名以及哈希算法+ salt一起存储在文件中也是可行的。 Using .htaccess to make sure that no one can actually visit it increases the security further. 使用.htaccess可以确保没有人可以实际访问它,从而进一步提高了安全性。
Don't use this to protect something important as it's not really a good way to do it. 不要用它来保护重要的东西,因为这并不是真正的好方法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.