I'm working on a plugin and component for Joomla 3+, and they will be used to interface with an API that requires the plaintext password to be passed via an HTTPS REST URL. I don't want the users to log on multiple times, so I'm wondering if I can ( SAFELY ) store their passwords in a plain text session.
Basically like this...
Authentication Plugin:
function onUserAuthenticate($credentials, $options, &$response) {
$session = JFactory::getSession();
$session->set('plainpassword', $credentials['password']);
.....
}
Component model:
public function getItems() {
$session = JFactory::getSession();
$plainpassword = $session->get('plainpassword');
.....
}
I could randomize the session name, but is there anything else I should be aware of?
Any insights would be greatly appreciated!
正如Elin所建议的,我最终将加密的密码保存到临时表中。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.