How to secure database passwords in PHP?

后端 未结 16 1224
闹比i
闹比i 2020-11-21 22:41

When a PHP application makes a database connection it of course generally needs to pass a login and password. If I\'m using a single, minimum-permission login for my applica

16条回答
  •  情歌与酒
    2020-11-21 23:23

    For extremely secure systems we encrypt the database password in a configuration file (which itself is secured by the system administrator). On application/server startup the application then prompts the system administrator for the decryption key. The database password is then read from the config file, decrypted, and stored in memory for future use. Still not 100% secure since it is stored in memory decrypted, but you have to call it 'secure enough' at some point!

提交回复
热议问题