For example, where is the administrator password?
阿神2017-05-19 10:42:48
Encrypted save to database.
But if only storage is done without transmission, it will be more troublesome for the project to obtain this information. A complete system also needs to manage the deployment environment.
A typical example is PASS passing information to the application through environment variables. Developers deploy an application on PASS. When PASS starts the application, it retrieves the password of the application database from the password database and configures it to the application's environment variable. The application then obtains the password from the environment variable. In this case, even if the application maliciously leaks environment variables, it cannot obtain the password database information.
If PASS cannot be as perfect as this, only specific people will be allowed to manage the deployment environment, manually configure environment variables and deploy.
天蓬老师2017-05-19 10:42:48
The administrator password is used as the login key, and it is at the administrator level. The confidentiality level should be the highest. It should be placed in the database, and it also needs SHA-1, hash, and various encryptions
