dou4121 2015-11-24 03:10
浏览 70
已采纳

在PHP文件而不是用户数据库中存储单个密码

I'm creating an Admin Panel section of a website where there will only be one user. I was thinking of just storing a password in a separate config.php file instead of creating a users table with usersnames and hashed pw's as I typically do for membership areas since it's only one user.

Thoughts on doing this? Has anyone else tried this? Are there some major vulnerabilities I should be aware of?

Example config.php:

$pw = "honeybadgerbubblegum";

Example login.php:

require('config.php');

if(isset($_POST['login']))
{
   $upw = md5($_POST['upw']);
   $pwHashed = md5($pw);
   if($upw === $pwHashed)
   {
   //success
   } 
}
  • 写回答

4条回答 默认 最新

  • dongpo1216 2015-11-24 04:07
    关注

    There are no vulnerabilities if you store the password in a PHP file, however, in that case, when the password is changed, it needs to be overwritten, which means that you need to implement a feature which will regenerate the file if the admin saves a new password.

    Also, I do not really understand the problem of having a table to hold a single row for the admin. It is not really an overkill and it is a safe and sound method, which would help you to not have to implement PHP regenerators.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(3条)

报告相同问题?

悬赏问题

  • ¥15 基于卷积神经网络的声纹识别
  • ¥15 Python中的request,如何使用ssr节点,通过代理requests网页。本人在泰国,需要用大陆ip才能玩网页游戏,合法合规。
  • ¥100 为什么这个恒流源电路不能恒流?
  • ¥15 有偿求跨组件数据流路径图
  • ¥15 写一个方法checkPerson,入参实体类Person,出参布尔值
  • ¥15 我想咨询一下路面纹理三维点云数据处理的一些问题,上传的坐标文件里是怎么对无序点进行编号的,以及xy坐标在处理的时候是进行整体模型分片处理的吗
  • ¥15 CSAPPattacklab
  • ¥15 一直显示正在等待HID—ISP
  • ¥15 Python turtle 画图
  • ¥15 stm32开发clion时遇到的编译问题