dongshan4549 2016-12-29 10:02
浏览 188

在哪里保留Web应用程序的私钥和凭据?

I have a webapp that uses keys and credentials to call API endpoints from external services like payment gateways, database providers, and such.

I have these options in mind to keep these values:

  1. Set environmental variables before app start and load them when the app runs. If required values are not available, e.g. not set, exit the app.
  2. On app start, ask user (myself or an administrator) to enter the credentials. If required fields are empty, exit, otherwise continue loading the app.
  3. Keep them in a config file as plain values. This is the least preferable way as to me.

Which of these should I use if I want to keep keys as safe and secure as possible?

  • 写回答

3条回答 默认 最新

  • doutangkao2789 2016-12-29 10:08
    关注

    I think you should, as you said, use configuration files. And maybe encrypt it ?

    评论

报告相同问题?

悬赏问题

  • ¥15 寻一个支付宝扫码远程授权登录的软件助手app
  • ¥15 解riccati方程组
  • ¥15 display:none;样式在嵌套结构中的已设置了display样式的元素上不起作用?
  • ¥30 用arduino开发esp32控制ps2手柄一直报错
  • ¥15 使用rabbitMQ 消息队列作为url源进行多线程爬取时,总有几个url没有处理的问题。
  • ¥15 Ubuntu在安装序列比对软件STAR时出现报错如何解决
  • ¥50 树莓派安卓APK系统签名
  • ¥65 汇编语言除法溢出问题
  • ¥15 Visual Studio问题
  • ¥20 求一个html代码,有偿