All geek questions in one place

What is a secure way to store Paypal Pro password? (Php)

I am setting up Paypal Pro and considering ways to securely store my password. This is a test code and comments by Paypal. How do I change this to protect my password safely?

I only store 1 password here - our API password.

/** # API_password: The password associated with the API user # If you are using your own API username, enter the API password that # was generated by PayPal below # IMPORTANT - HAVING YOUR API PASSWORD INCLUDED IN THE MANNER IS NOT # SECURE, AND ITS ONLY BEING SHOWN THIS WAY FOR TESTING PURPOSES */ define('API_PASSWORD', 'LJKL235JL532K35');
+4
source share
4 answers

I think the most important thing is to store the password outside your web root folder.

Also, I really don't see what else you can do; if people get access to the folders where the scripts are stored, they also have access to the code that decrypts / retrieves the password, so no matter how good the encryption is, the password will be available. If I didn’t miss something ...

+2
source

I would look at this previous question:

Best passwords handling guidelines?

+1
source

Store it encrypted in your database or file. If you want a more specific answer, you will have to ask a more specific question.

0
source

You can encrypt the password using a key that you know and do not store. I think you need to have the mcrypt extension in your PHP.
I made a set of crypt / decrypt functions if you're interested.

0
source

Source: https://habr.com/ru/post/1336811/

More articles:


All Articles