I'm creating a small service using api-libraries, such as Twitter. Is it possible to input users password to Twitter-a开发者_运维百科pi crypted. I would not like to store peoples passwords uncrypted on my server, but writing them every time is annoying.
Does someone know?
Martti Laine
You should consider using OAuth.
Here are some examples.
If you're using PHP you can use the GnuPG extension to easily encrypt any credentials on your side, and decrypting them before making the API calls.
Here's a check list of things you need:
- make sure gpg is installed on your system;
- create a gpg key pair and store the files on a safe location;
- optionally password protect the generated private key;
- use PHP's GnuPG extension to encrypt and decrypt data using those keys.
Here's a small PHP example, taken from the gnupg_encrypt() manual:
<?php
$res = gnupg_init();
gnupg_addencryptkey($res,"8660281B6051D071D94B5B230549F9DC851566DC");
$enc = gnupg_encrypt($res, "just a test");
echo $enc;
?>
This technique should also be applied even if you're using OAuth or other password-less authentication method. A common mistake is to use OAuth and not encrypt locally saved tokens as access to those tokens might give anyone the power to act on behalf of the user.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论