doq1969 2013-02-02 14:29
浏览 35

PHP文件将密码存储为文本文件

For my very small website that only friends know of, I am developing a password system. I am saving the passwords in a php file like this.

<?php
if($_GET["p"]=="password"){
?>
user1 password1
user2 password2
<?php
}
?>

Then, I can read the password with file_get_contents(pass.php?p="password"); And I can still write the password by writing to the php file just like I would a text file. Is this method insecure? Are there similar methods that are that do not require a database? I don't think my site needs encryption, it wouldn't hurt too much if the passwords were compromised.

  • 写回答

4条回答 默认 最新

  • douduan4116 2013-02-02 14:35
    关注

    Whoa. I would say it's quite insecure. Is there a reason why for not using a database?

    Also alternatively, to make it more secure without a database if you wish, you could create a combination of username+password with md5 and/or sha1 encode and save it as an extensionless file in a directory, and compare if the combination is right with file_exists

    评论

报告相同问题?

悬赏问题

  • ¥15 虚幻5 UE美术毛发渲染
  • ¥15 CVRP 图论 物流运输优化
  • ¥15 Tableau online 嵌入ppt失败
  • ¥100 支付宝网页转账系统不识别账号
  • ¥15 基于单片机的靶位控制系统
  • ¥15 真我手机蓝牙传输进度消息被关闭了,怎么打开?(关键词-消息通知)
  • ¥15 装 pytorch 的时候出了好多问题,遇到这种情况怎么处理?
  • ¥20 IOS游览器某宝手机网页版自动立即购买JavaScript脚本
  • ¥15 手机接入宽带网线,如何释放宽带全部速度
  • ¥30 关于#r语言#的问题:如何对R语言中mfgarch包中构建的garch-midas模型进行样本内长期波动率预测和样本外长期波动率预测