I was trying to use the Paypal PHP SDK and I noticed a warning that says I should encrypt my API username and password for use in production environments. I do agree开发者_如何学Python on this statement, but I'm wondering how I should go about doing that. I currently have no clue.
Here's what the warning says, just for the record:
Do not embed plaintext credentials in your application code. Doing so is insecure and against best practices. Your API credentials must be handled securely. Please consider encrypting them for use in any production environment, and ensure that only authorized individuals may view or modify them.
Thanks in advance.
Generally, you can store credentials like this in a file outside of the web root. This limits risk, but doesn't get rid of it entirely.
If they can see your code (or even worse, edit it), then they can get your credentials anyway. Encrypting it means you need your encryption key somewhere that would be just as visible as the username/password itself.
First, set an encryption key:
$key = 'yourpasswordhere';
$string = ' confidential information here '; // note the spaces
Encrypt it on DB entry or from another file and only store the encrypted string in the file itself:
$encrypted = base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256, md5($key), $string, MCRYPT_MODE_CBC, md5(md5($key))));
var_dump($encrypted); // "ey7zu5zBqJB0rGtIn5UB1xG03efyCp+KSNR4/GAv14w="
Decrypt it later:
$decrypted = rtrim(mcrypt_decrypt(MCRYPT_RIJNDAEL_256, md5($key), base64_decode($encrypted), MCRYPT_MODE_CBC, md5(md5($key))), "\0");
var_dump($decrypted); // " confidential information here "
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论