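I. Encryption Algorithm Selection and Configuration
PHP supports several encryption algorithms. AES-256-CBC is recommended as the base algorithm for encrypting database connection parameters. Combined with an initialization vector (IV), it effectively prevents pattern attacks, and it is compatible with the Baidu Cloud database service specifications.
Key management should follow these principles:
- Use a separate, dedicated key storage server
- Rotate encryption keys regularly (recommended: every ?0 days)
- Keep development and production keys isolated from each other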
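II. Encrypting Database Connection Parameters
Database account passwords are processed with layered encryption:
- Hash the password first with `password_hash`
- Apply a second, symmetric encryption pass with AES-256-CBC
- Store the encrypted result Base64-encoded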
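```php
function encryptCredentials($password, $key) {
    $iv = openssl_random_pseudo_bytes(16); // fresh 16-byte IV per encryption
    // password_hash() is one-way, so decryption later yields the hash string
    $hashed = password_hash($password, PASSWORD_DEFAULT);
    // $key: 32 bytes for AES-256; option 0 makes the ciphertext Base64
    $ciphertext = openssl_encrypt($hashed, 'aes-256-cbc', $key, 0, $iv);
    // Stored format: Base64(<Base64 ciphertext> . '::' . <raw IV>)
    return base64_encode($ciphertext . '::' . $iv);
}
```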
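III. SSL/TLS Transport Layer Implementation
To establish an SSL-encrypted connection through the PDO extension, configure the following parameters:
- Enforce SSL certificate verification (`PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT`)
- Specify the path to the CA certificate
- Set the SSL/TLS protocol version (TLSv1.2+ recommended)
IV. Complete Implementation Example
Integrating the encryption module with the database connection: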
```php
// $key (32-byte AES key) and $user are assumed to be loaded elsewhere
$encrypted = file_get_contents('/secure/path/credentials.enc');
list($ciphertext, $iv) = explode('::', base64_decode($encrypted), 2);
// Recovers the value that was encrypted (the password_hash() output)
$password = openssl_decrypt($ciphertext, 'aes-256-cbc', $key, 0, $iv);

$dsn = "mysql:host=bdcloud.example.com;dbname=mydb;charset=utf8mb4";
$options = [
    PDO::MYSQL_ATTR_SSL_CA => '/path/cacert.pem',
    PDO::MYSQL_ATTR_SSL_VERIFY_SERVER_CERT => true
];
$pdo = new PDO($dsn, $user, $password, $options);
```
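A round trip through the Base64 `ciphertext::IV` storage format produced by `encryptCredentials`, with checks for a bad key length, malformed file contents and decryption failure. This is an added example, not code from the original page: the names `sealSecret` and `openSecret`, the key and the sample secret are constructed for illustration, and the secret is sealed directly (without the `password_hash` step) so the recovered value can be compared.

```php
<?php
declare(strict_types=1);
const CIPHER = 'aes-256-cbc';

// Returns Base64("<Base64 ciphertext>::<raw IV>"), the storage format used above.
function sealSecret(string $secret, string $key): string
{
    if (strlen($key) !== 32) {
        throw new InvalidArgumentException('AES-256 needs a 32-byte key');
    }
    $iv = random_bytes(openssl_cipher_iv_length(CIPHER)); // 16 bytes
    $ct = openssl_encrypt($secret, CIPHER, $key, 0, $iv); // 0 => Base64 output
    if ($ct === false) {
        throw new RuntimeException('encryption failed');
    }
    return base64_encode($ct . '::' . $iv);
}

// Reverses sealSecret() and rejects malformed input instead of passing it on.
function openSecret(string $blob, string $key): string
{
    $raw = base64_decode($blob, true); // strict: reject non-Base64 characters
    if ($raw === false || strpos($raw, '::') === false) {
        throw new UnexpectedValueException('malformed credential blob');
    }
    // Base64 ciphertext never contains ':', so the first '::' is the separator
    // even if the raw IV happens to contain '::' itself.
    [$ct, $iv] = explode('::', $raw, 2);
    if (strlen($iv) !== openssl_cipher_iv_length(CIPHER)) {
        throw new UnexpectedValueException('unexpected IV length');
    }
    $plain = openssl_decrypt($ct, CIPHER, $key, 0, $iv);
    if ($plain === false) {
        // CBC is unauthenticated: a wrong key or altered blob usually fails the
        // padding check here, but that is not a guaranteed integrity check.
        throw new RuntimeException('decryption failed');
    }
    return $plain;
}

// Constructed sample values, for demonstration only.
$key  = random_bytes(32);
$blob = sealSecret('constructed-db-password', $key);
var_dump(openSecret($blob, $key) === 'constructed-db-password');
try {
    openSecret(substr($blob, 0, 10), $key); // truncated file contents
} catch (UnexpectedValueException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```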
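Together, the three layers of protection (layered algorithms, key management and SSL transport) effectively secure communication between PHP and Baidu Cloud databases. Run penetration tests regularly and monitor the logs for abnormal database connections.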