堆栈内存溢出
  简体   繁体   English

以后在纯文本(php)中需要密码时如何保存密码

[英]how do i save passwords when i need them later in plain tex (php)

 原文  2012-02-07 21:23:32       php/ database/ email/ encryption/ passwords

问题描述

I'm making a mail client in php. 我正在用php制作邮件客户端。 My problem is that I need to save the passwords in a database and later retrieve them in plain text when I'm sending mail (I need them for user authentication). 我的问题是,我需要将密码保存在数据库中,然后在发送邮件时以纯文本格式检索密码(我需要使用它们进行用户身份验证)。

Is there a safe way to do that? 有安全的方法吗?

4 个解决方案

解决方案1
 2  2012-02-07 21:25:51

Its best not to store passwords as plain text. 最好不要将密码存储为纯文本。

For authentication, generate a hash ie MD5 of the password, then compare the hash stored in the database. 为了进行身份验证,请生成密码的哈希(即MD5),然后比较存储在数据库中的哈希。 If the hashes match then the user is authenticated. 如果哈希匹配,则对用户进行身份验证。

If the user forgets their password, the password should be reset. 如果用户忘记了密码,则应重设密码。

解决方案2
 2  2012-02-07 21:34:53

If you however do need to store the secrets for later purposes (not for authentication as mentioned before), you can use some kind of encryption like PHP's 但是,如果您确实需要存储机密以便以后使用(而不是前面提到的用于身份验证),则可以使用某种加密方法,例如PHP的

Pick a key per password and store that key somewhere else then your secrets. 为每个密码选择一个密钥,并将该密钥存储在其他地方,然后再保存您的秘密。 Probably the best option would be to extract a key based on some static parameters of the account that owns the password. 最好的选择可能是根据拥有密码的帐户的某些静态参数来提取密钥。

This application logic will also be needed for decrypting the password. 解密密码也需要此应用程序逻辑。 So it would be nice if the de/en-cryption logic runs somewhere isolated from your database storing the encrypted values. 因此,如果解密逻辑在与存储加密值的数据库隔离的某个位置运行,那将是很好的。

解决方案3
 0  2012-02-07 21:31:17

Craig is correct. 克雷格是正确的。 However, I suspect your real question is "How can I save data for later use?" 但是,我怀疑您的真正问题是“如何保存数据供以后使用?”

In this case, you have a couple options: 在这种情况下,您有两种选择:

  • You can use a database such as MySQL, MSSQL, SQLite, or Oracle. 您可以使用MySQL,MSSQL,SQLite或Oracle等数据库。
  • You can write to a file on the server's hard disk 您可以写入服务器硬盘上的文件

解决方案4
 0  2012-02-07 21:33:40

You could query the password from the database. 您可以从数据库中查询密码。

Then after getting it, you can use the 然后,您可以使用 

fwrite(), fopen()

to open and write on your plaintext, google it, their are plenty of examples. 打开并在您的纯文本上写文字,用谷歌搜索,它们有很多例子。 but i agree with @craig1231, its not wise and safe to put vital inforamtions in plaintext and not hashing it. 但是我同意@ craig1231的观点,将重要的信息放在纯文本中而不是对其进行散列是不明智和安全的。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何保存ftp密码,但以后再获取普通密码 - how do I save a ftp password but get the plain password later 我如何将函数结果保存到我以后可以使用的变量中 - PHP? - How do i save function result into a variable that i could user later on - PHP? PHP-如何保存cookie并在以后能够引用它 - PHP - How to I save a cookie and be able to refer to it later on MySQL PHP:当我自动添加用户时,如何加密他们的密码 - MySQL PHP: When I automatically add users, how to encrypt their passwords PHP如何循环从html表单获取的数据并将其保存到mysql数据库中? - PHP how do I loop data which I got from html form and save them into mysql databse? 当我需要它们时,如何确保我的PHP会话变量在那里? - How can I make sure my PHP session variables are there when I need them? PHP套接字-我需要使用什么? - PHP sockets - what do I need to work with them? 使用后我是否需要在PHP中销毁对象? - Do I need to destroy objects in PHP after using them? 为什么有两个PHP扩展文件夹? 我都需要吗? - Why are there two extension folders for PHP? Do I need both of them? 如何避免以明文形式存储需要访问的用户密码? - How do I avoid storing user passwords I need to access in plaintext?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM