stackoom
  简体   繁体   中英

How to store a password without a database (PHP)?

 原文  2011-01-22 03:16:33       php/ password-storage

Question

I would like to have a page that requires a password to login, but without a dataabase.

I was thinking of having it hard coded in the page, ie: 

$password = "something"

Or encrypt it and store it in a text file?

Any advice is appreciated.

4 answers

solution1
 4 ACCPTED  2011-01-22 03:21:57

You could use PHP's md5 encryption libraries to encrypt the password and then store it in the text file. Since md5 isn't reversible, the password would be secure.

You definitely do not want to store in plain text.

You could also store the password in the PHP file, but using the encrypted hash. The advantage of the file is that the data is separated from the business logic, which can make adding a database or the ability to use multiple users/passwords slightly easier.

UPDATE : If you store the password in plain text in the PHP script unencrypted, anyone who hacks your server or has access to the server can read the contents of your plain-text PHP files.

solution2
 4  2011-01-22 03:22:30

If it is not going to be in a database, I'd be inclined to store it in a text file that is outside of the servers webroot. If you store it in the php script, and something happens to the server configuration, it is possible the php script could be served up in plain text, rather than being parsed through php, so the password would be visible. Granted, under normal circumstances, this would not be very likely to happen, but it is a possible risk. Encrypting it may help, but you'll also have to have the decryption key stored someplace, so it would only be a slight inconvenience for someone to decrypt it. It might be better to store the password in hashed format (eg MD5 or SHA-1), hash the password the user enters using the same method, and then compare the hashes.

solution3
 3  2011-01-22 03:22:59

You can do either of those. Just be sure to store a hash of the password, not the real one for security. Here's and extremely simple example. 

<?
    if(md5($_REQUEST['password']) == 'md5ofyourpasswordHERE'){
         //do your logged in page stuff here.
    } else {
         //kick them out or tell them to resupply password.
    }
?>

You can also check the username, if that's important to you.

Hope that helps!

solution4
 1  2011-01-22 03:23:37

if you want to store in text file or hardcoded in php script I will recomended to hash it

  • first echo sha1('your password');
  • result string (not readeable) copy and paste in script or text file
  • when compare use if ( sha1($password) == '543f3fc32c232c32') ...

you can use also md5 for hashing

Both methods are one way encripting so "make sure you will remember your password"

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to store a password as BCRYPT in a database as '$2a$15' in PHP The best way to store username and password without a database How to store password securely in database How to make mysql and php work together and without show the database password Php, is password reset token without database secure? Test database connection in php without username & password PHP how to secure password in database How to safely store a password inside PHP code? Store an associative PHP array into the database without duplication How to create and store password hashes with Blowfish in PHP
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM