How can I have a password inside PHP code and guarantee that no one viewing the page in the browser can retrieve it?
Is: <?php $password = 'password' ?>
enough? Is there a better, more secure way of doing this?
The best way is to store password above your root directory. If you decide to have password in php file then no body would able to view because php files are excuted in the server. But if the server does not support php then those files will be delivered as text files and any one can see the password.
We have solved it in this way: Use memcache on server, with open connection from other password server. Save to memcache the password (or even all the password. php file encrypted) plus the decrypt key.
Keeper is another secure password manager that helps you manage login info on Windows, MacOS, Android and iOS devices. A free version gives you unlimited password storage on one device. The step-up version costs $35 a year and lets you sync passwords across multiple device options.
That depends on the type of passwords you want to store.
If you want to store passwords to compare against, e.g. having an $users
array, then hashing is the way to go. sha1
, md5
or any other flavor (here’s an overview)
Adding a salt accounts for additional security, because the same password will not result in the same hash
Update: password_hash
uses a salted, strong one-way hash with multiple rounds.
If you want to store passwords to connect to other resources like a database: you’re safest if you store your passwords outside your document root, i.e. not reachable by browsers. If that's not possible, you can use an .htaccess
file to deny all requests from outside
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With