如何在 PHP 中保护硬编码的登录名/密码?
我正在编写一个简单的 PHP 脚本来访问 Foursquare API.PHP 将始终访问同一个 Foursquare 帐户.目前,我在脚本中硬编码了这个登录信息.保护这些信息的最佳方式是什么?
I'm writing a simple PHP script to access the Foursquare API. The PHP will always access the same Foursquare account. For the time being, I have this login information hardcoded in my script. What is the best way to secure this information?
如果我遵循这个帖子的建议,我应该将登录信息放在网站根目录之外的配置文件中:如何在 PHP 中保护数据库密码?
If I follow the advice from this thread, I should just place the login information in a config file outside the website's root directory: How to secure database passwords in PHP?
这是最好的建议吗?还是有更好的方法来保护登录信息?
Is this the best advice? Or is there a better way to secure the login information?
推荐答案
当然,最好的方法是根本不存储它.
The best way, of course, would be to not store it at all.
如果你不能这样做,将它存储在 PHP 文件中(作为变量)应该确保它不会被发送到客户端.如果你真的很担心你的网络服务器突然停止解释 PHP,你可以把它放在一个单独的文件中,在文档根目录之外,或者访问被拒绝的地方(例如通过 .htaccess 指令).
If you can't do that, storing it inside a PHP file (as variables) should ensure it's not going to be sent to the client side. If you're really paranoid about your web server suddenly stopping to interpret PHP, you can put it in a separate file, outside the document root, or where access is denied (through a .htaccess directive, for instance).
相关文章