blocks|key|1389236|text|有一些方法可以混淆它，但是如果有人能够访问该文件，这些方法最终都不会比明文安全得多--因为您还需要在那里解码它才能登录提供者的站点。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1389237|entityMap^0|0^^$0|@$1|2|3|4|5|6|7|D|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|E|8|@]|9|@]|A|$]]]|C|$]]

There are ways to obfuscate it, but ultimately none of those are much safer than plaintext if someone has access to the file - since you also need to decode it there to be able to log in on the provider's site.

blocks|key|2883543|text|该脚本能够将您登录到无人值守的提供者。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|2883544|这意味着任何控制脚本的人都将拥有这个功能，可以通过运行脚本来使用。|2883545|你所能做的一切都无法阻止这一切。唯一的解决方案是要么忍受密码的潜在危害，要么只将脚本放在您控制的服务器上。|2883546|entityMap^0|0|0|0^^$0|@$1|2|3|4|5|6|7|H|8|@]|9|@]|A|$]]|$1|B|3|C|5|6|7|I|8|@]|9|@]|A|$]]|$1|D|3|E|5|6|7|J|8|@]|9|@]|A|$]]|$1|F|3|-4|5|6|7|K|8|@]|9|@]|A|$]]]|G|$]]

The script has the capability to log you in to your provider unattended.

This means that anyone who controls the script will also have this capability, usable by running the script.

Nothing you can do will prevent this. The only solution is to either live with the potential compromise of your password, or to only place the script on a server you control.

blocks|key|2883577|text|如果您想超出它的范围，您可以设置它，使您的密码存储在使用aes_encrpyt加密的mysql数据库中，然后在另一个服务器上创建另一个脚本，通过提供aes_decrypt函数中使用的salt来调用服务器，并使用密码请求密码。|type|unstyled|depth|inlineStyleRanges|offset|length|style|CODE|entityRanges|data|2883578|entityMap^0|S|B|22|B|0^^$0|@$1|2|3|4|5|6|7|H|8|@$9|I|A|J|B|C]|$9|K|A|L|B|C]]|D|@]|E|$]]|$1|F|3|-4|5|6|7|M|8|@]|D|@]|E|$]]]|G|$]]

If you want to go overboard on it you could set it up in such a way that your password is stored in a mysql database encrypted using <code>aes_encrpyt</code> and then you create another script on another server that makes calls to the server with your password requesting the password by providing the salt for use with the <code>aes_decrypt</code> function.

blocks|key|1390393|text|如果有人能够访问源，您就无法保护能够自动登录的系统。我们试着证明一下。|type|unstyled|depth|inlineStyleRanges|entityRanges|data|1390394|1390395|blockquote|1390396|1390397|1390398|System+Smart可以让您登录，而无需您做，anything.|ordered-list-item|offset|length|style|CODE|1390399|Mr.+Evil可以访问System+Smart.|1390400|System+Smart的源，知道如何登录。(从第一个point.)|1390401|Mr.+Evil开始，Systems+Smart就知道了什么。(来自第二个point.)|1390402|Mr.+Evil，它知道如何以您的身份登录。(从第三和第四点开始)|1390403|1390404|结论：这个场景是而不是安全的。|BOLD|1390405|如果你从假设场景是安全的开始，这就是矛盾的证明。|1390406|更新：，但是如果您只想使它比纯文本更难，那么可以使用对称密钥。|1390407|entityMap^0|0|0|0|0|0|0|C|0|0|8|C|C|0|0|C|0|0|8|B|D|0|0|8|0|0|0|3|8|3|0|0|0|3|0^^$0|@$1|2|3|4|5|6|7|15|8|@]|9|@]|A|$]]|$1|B|3|-4|5|6|7|16|8|@]|9|@]|A|$]]|$1|C|3|-4|5|D|7|17|8|@]|9|@]|A|$]]|$1|E|3|-4|5|6|7|18|8|@]|9|@]|A|$]]|$1|F|3|-4|5|6|7|19|8|@]|9|@]|A|$]]|$1|G|3|H|5|I|7|1A|8|@$J|1B|K|1C|L|M]]|9|@]|A|$]]|$1|N|3|O|5|I|7|1D|8|@$J|1E|K|1F|L|M]|$J|1G|K|1H|L|M]]|9|@]|A|$]]|$1|P|3|Q|5|I|7|1I|8|@$J|1J|K|1K|L|M]]|9|@]|A|$]]|$1|R|3|S|5|I|7|1L|8|@$J|1M|K|1N|L|M]|$J|1O|K|1P|L|M]]|9|@]|A|$]]|$1|T|3|U|5|I|7|1Q|8|@$J|1R|K|1S|L|M]]|9|@]|A|$]]|$1|V|3|-4|5|6|7|1T|8|@]|9|@]|A|$]]|$1|W|3|X|5|6|7|1U|8|@$J|1V|K|1W|L|Y]|$J|1X|K|1Y|L|Y]]|9|@]|A|$]]|$1|Z|3|10|5|6|7|1Z|8|@]|9|@]|A|$]]|$1|11|3|12|5|6|7|20|8|@$J|21|K|22|L|Y]]|9|@]|A|$]]|$1|13|3|-4|5|6|7|23|8|@]|9|@]|A|$]]]|14|$]]

You cannot secure a system which is capable of logging you in automatically if someone has access to the source. Let's try to prove it.

<blockquote>
 <ol>
 <li><code>System Smart</code> is able to log you in without you having to do anything.</li>
 <li><code>Mr. Evil</code> has access to the source of <code>System Smart</code>.</li>
 <li><code>System Smart</code> knows what to do to log in as you. (From the first point.)</li>
 <li><code>Mr. Evil</code> knows what <code>Systems Smart</code> knows. (From the second point.)</li>
 <li><code>Mr. Evil</code> knows what to do to log in as you. (From the third and fourth points.)</li>
 </ol>
 
 Conclusion: This scenario is not secure.
</blockquote>

This is proof by contradiction if you start with the hypothesis that the scenario is secure.

Update: But if you want to just make it harder than plain-text then can use a symmetric key.

I wrote a simple PHP script to log into my mobile phone provider's website, check my balance, and send me an email if it's too low. I put the script on a distant server.

It seems that I have to store my password as plaintext in the script to be able to send it to the login page. However, I am a little bit reluctant to do this...

<pre><code>$user="foo";
$password="blah";
</code></pre>

Is there a more secure way?

Automated login and password storage

翻译质量差，导致语言生硬或混乱。

没有提供实际的解决方法或示例。

解答不清晰，无法理解或解决问题。

页面排版不美观，阅读体验差。

文章

问答

视频

教程

学习中心

腾讯云实验室

直播

竞赛

腾讯云代码分析专区

腾讯iOA零信任安全管理系统专区

腾讯云架构师技术同盟交流圈

腾讯云数据库专区

腾讯云智能顾问专区

腾讯云原生专区

腾讯混元专区

腾讯云TCE专区

腾讯云Lighthouse专区

腾讯云HAI专区

腾讯云Edgeone专区

腾讯云存储专区

腾讯云智能专区

腾讯轻联专区 

腾讯云开发专区

TAPD专区

腾讯轻量云游戏服专区

腾讯云最具价值专家

腾讯云架构师技术同盟

腾讯云创作之星

腾讯云开发者先锋

腾讯云代码助手

云原生构建

TAPD 敏捷项目管理

Cloud Studio

SDK中心

API中心

命令行工具

涵盖代码开发、场景应用、自动测试全流程，助你从零构建专属AI助手

一站式MCP教程库，解锁AI应用新玩法

聚焦“写作效率、视觉美观与运行性能”三方面进行全面升级，为您提供更高效、稳定的创作环境

社区富文本&Markdown编辑器全新改版上线，欢迎大家体验!

诚挚邀请您参与本次调研，分享您的真实使用感受与建议。您的反馈至关重要，感谢您的支持与参与！

社区新版编辑器体验调研

我写了一个简单的PHP脚本登录到我的手机提供商的网站，检查我的余额，如果它太低给我发一封电子邮件。我把脚本放在一个远程服务器上。看来，我必须将密码作为明文存储在脚本中，才能将密码发送到登录页面。不过，我有点不愿意这么做.$user="foo";$password="blah";有没有更安全的方法？

问自动登录和密码存储
EN

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问自动登录和密码存储EN