As the title says I'm trying to use PHP's password_hash function but I know that it is one way hashing so if I use it the password will be unable to be unhashed.
That being said, I want to be able to have an eye next to a password box (like LastPass) within the system that I'm working with that can display the password for admin users of the site but I'm not sure how to do this. Is there a function within PHP or some library that will allow for secure hashing or encryption so that this is possible? Is there another way to do this securely?
I've been looking around stack overflow for a while now just trying to find an answer to this but have to find anything that is close to what I'm wanting to do.
For a quick frame of reference for this. The users of the site can allow for 3rd party companies to login to retrieve files that are being shared with them. The users create the password and share it with the 3rd party. I want to make sure that when the passwords are secured but still allow the users of the site to go back and lookup the password for the 3rd party companies should they forget their password.
正如标题所示,我正在尝试使用PHP的password_hash函数,但我知道这是一种散列方式,如果 我用它密码将无法取消。
话虽如此,我希望能够密切关注我正在使用的系统中的密码框(如LastPass),它可以显示管理员用户的密码 该网站,但我不知道该怎么做。 PHP或某些库中是否有一个函数可以进行安全散列或加密,以便这样做? 有没有其他方法可以安全地做到这一点?
我一直在寻找堆栈溢出一段时间,现在只是想找到答案,但必须找到任何接近我想要做的事情。
为此提供快速参考框架。 该站点的用户可以允许第三方公司登录以检索与他们共享的文件。 用户创建密码并与第三方共享。 我想确保在密码安全但仍然允许网站用户返回并查找第三方公司的密码时,如果他们忘记了密码。
... that will allow for secure hashing or encryption so that [displaying the password for admin users] is possible?
You keep using that word. I do not think it means what you think it means. :-)
Password hashing can either be secure or it can be reversible.
The whole point of password hashing is to be non-reversible. If you want the original password, you're going to have to store it (keeping in mind how insecure this actually is).
At a bare minimum, you'd want the plaintext password somewhere totally separate from, and inaccessible to, the outside world. But the ground is littered from the corpses of password files that companies thought were secure from the general public, so my advice is to steer well clear of this.
微信扫一扫