
Joomla:: Is it safe to store plaintext passwords in session for authentication bridge

I'm working on a plugin and component for Joomla 3+, and they will be used to interface with an API that requires the plaintext password to be passed via an HTTPS REST URL. I don't want the users to log on multiple times, so I'm wondering if I can ( SAFELY ) store their passwords in a plain text session.

Basically like this...

Authentication Plugin:

    function onUserAuthenticate($credentials, $options, &$response) {
        $session = JFactory::getSession();
        $session->set('plainpassword', $credentials['password']);
        .....
    }

Component model:

    public function getItems() {
        $session = JFactory::getSession();
        $plainpassword = $session->get('plainpassword');
        .....
    }

I could randomize the session name, but is there anything else I should be aware of?

Any insights would be greatly appreciated!

As Elin suggested, I ended up saving the encrypted password in a temporary table.
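Storing the password encrypted instead of in plaintext, as the follow-up above describes, could look like the sketch below. It is an added example, not code from the original post or from Joomla: `sealPassword` and `openPassword` are hypothetical helper names, the sample password is constructed, and it assumes PHP 7.2+ with the sodium extension and a key kept in server configuration rather than in the session or the database.

```php
<?php
// Added example: hypothetical helpers, not part of the Joomla API.

// Encrypt the password before it is written to the session or a temp table.
// Returns base64(nonce || ciphertext). secretbox is authenticated encryption,
// so a modified stored value is rejected on decryption.
function sealPassword(string $plain, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh per value
    return base64_encode($nonce . sodium_crypto_secretbox($plain, $nonce, $key));
}

// Recover the password just before the REST call. Throws when the stored
// value is malformed, was tampered with, or the key does not match.
function openPassword(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        throw new RuntimeException('stored credential is malformed');
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $boxed = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plain = sodium_crypto_secretbox_open($boxed, $nonce, $key);
    if ($plain === false) {
        throw new RuntimeException('stored credential failed authentication');
    }
    return $plain;
}

// Demo with constructed values. In a deployment the key is loaded from
// configuration outside the session store and database (assumption); a key
// stored next to the ciphertext protects nothing.
$key    = sodium_crypto_secretbox_keygen();
$stored = sealPassword('constructed-sample-password', $key);
// $stored is what would go into $session->set(...) or the temp table row.
var_dump(openPassword($stored, $key) === 'constructed-sample-password');

// Flip one byte of the stored value: decryption must refuse it.
$raw = base64_decode($stored);
$raw[strlen($raw) - 1] = chr(ord($raw[strlen($raw) - 1]) ^ 1);
try {
    openPassword(base64_encode($raw), $key);
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```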
