duanlan2003
duanlan2003
2014-12-19 16:33
浏览 63
已采纳

在Magento中存储第三方服务凭据的“正确”位置在哪里?

I’m implementing a Magento Extension which connects to a third-party API. I’m brand-new to Magento, but familiar with MVC systems in general.

My question is simply, "Where (and how?) should I store the credentials used to access this third-party API? I could create a database table and store them there, but it feels like overkill. I’ve seen people mention using the Magento cache as a key/value store, but it sounds too fragile. I’ve noticed that Magento seems to have some sort of config object (not really dug into it yet), maybe that’s my best option?

Which of these (if any) is ‘correct’? Which will cause me the fewest headaches in the long run?

it goes without saying that i will need to salt/hash these credentials, but i guess the same question applies to ‘where should i store the salt’?

图片转代码服务由CSDN问答提供 功能建议

我正在实现连接到第三方API的Magento扩展。 我对Magento来说是全新的,但对一般的MVC系统很熟悉。

我的问题很简单,“我应该在哪里(以及如何?)存储用于访问第三个的凭据 -party API?我可以创建一个数据库表并将它们存储在那里,但感觉有些过分。我看到人们提到使用Magento缓存作为键/值存储,但它听起来太脆弱了。我注意到Magento 似乎有一些配置对象(还没有真正挖到它),也许这是我最好的选择?

其中哪一项(如果有的话)是'正确的'?这将导致我 从长远来看,最少的头痛是什么?

不言而喻,我将需要对这些凭证进行加盐/散列,但我想同样的问题适用于'我应该在哪里存储 盐'?

  • 点赞
  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dongxu4023
    dongxu4023 2014-12-20 20:18
    已采纳

    The typical Magento practice for something like this would be to store them in the database. You can define the database fields and user interface to maintain these credentials through the code in your extension.

    A perfect example of this in the core codebase would be the shipping carrier modules. Take a look at app/code/core/Mage/Usa/etc/config.xml:

    ...
    <fedex>
        <account backend_model="adminhtml/system_config_backend_encrypted"/>
        <meter_number backend_model="adminhtml/system_config_backend_encrypted"/>
        <key backend_model="adminhtml/system_config_backend_encrypted"/>
        <password backend_model="adminhtml/system_config_backend_encrypted"/>
        ...
    </fedex>
    ...
    

    By storing the credentials this way, these fields will be available in the administrative section of Magento where a business user can enter or update the credentials and they will be stored as encrypted values in the database. You can access them in your code using Mage::getStoreConfig('carriers/fedex/account'). Hopefully this gets you pointed in the right direction.

    点赞 评论

相关推荐