从 php 表单保存密码。这哪个更安全?
$pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6);
$insert = mysql_query("INSERT INTO users(username, password) VALUES( '".$username."', '".md5($pass)."')");
或者
$salt = "zfgse5tfgHk2jdf4hGiuyeV9trejkewQ5kjujPhysftf7agfd";
$pass = crypt($password, "$1$".$salt);
$insert = mysql_query("INSERT INTO users (username, password) VALUES ('".$username."', '".$pass."')");
我正在保存 php 注册表中的表单数据。上述哪些代码是安全的?还有比这些更好的吗?
$pass = substr(md5($_SERVER['REMOTE_ADDR'].microtime().rand(1,100000)),0,6);
$insert = mysql_query("INSERT INTO users(username, password) VALUES( '".$username."', '".md5($pass)."')");
or
$salt = "zfgse5tfgHk2jdf4hGiuyeV9trejkewQ5kjujPhysftf7agfd";
$pass = crypt($password, "$1$".$salt);
$insert = mysql_query("INSERT INTO users (username, password) VALUES ('".$username."', '".$pass."')");
I am saving form data from a php registration form. Which of the above codes is secure? Anything better than these?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
方法#1将彻底破坏一切,你将永远无法再次登录。非常安全(除非你没有转义
$username,在这种情况下它完全没有价值),但可能不是你的意图。方法#2 可行;但这看起来有点愚蠢、复杂,但做一些本应简单的事情。
这是我通常使用的:
其中 Config::HashSalt 是你的长的、更随机的盐字符串。这需要在课堂上进行。以下是结构示例: https://github.com/minitech/ReTicket/ blob/master/config.php
Method #1 will totally break everything, you'll never be able to log in again. Pretty secure (unless you're not escaping
$username, in which case it's totally worthless), but probably not your intention.Method #2 will work; but it looks like a little bit of a silly, complicated way of doing something that should be straightforward.
Here's what I usually use:
where
Config::HashSaltis your long, much more random salt string. This needs to be in a class. Here's an example of the structure: https://github.com/minitech/ReTicket/blob/master/config.php第二个选项(第一个是完全错误的),但略有改变:
Second option(first is totally wrong), but slightly changed: