Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
aopil2021-07-17 20:23:51
PHP
aopil, 2021-07-17 20:23:51

How to compare API key correctly?

Currently implemented as follows:

$request = "SELECT APIKey, FullName FROM users WHERE UserName = '$USER_NAME'";


if((isset($rs->APIKey) && !empty($rs->APIKey)) && (decrypt($rs->APIKey) == $API_KEY))
{
}


Question: Why not use $encAPIKey = encrypt($API_KEY)and substitute it in the SQL query:
$request = "SELECT APIKey, FullName FROM users WHERE UserName = '$USER_NAME' AND APIKey = '$encAPIKey'";


Perhaps I don’t understand something and there are some moments of security violations, etc.?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
T
ThunderCat, 2021-07-17
@ThunderCat

Q: Why not use
Firstly, this way you will not know what the reason is - in the login or in the password, or in both fields. Secondly, it MAY work with keys, but it doesn’t work like that with passwords, there is a different reconciliation algorithm, and it is advisable not to produce entities and create algorithms that are as close as possible in implementation in similar places.

Similar questions
A
Arman2016-06-20 12:13:23
How to convert degrees to coordinates? 5Reply
P
Pavel2014-05-18 14:34:20
How to set up Chrome DevTools Autosave on windows? 4Reply
T
thehighhomie2018-11-30 12:28:13
Plugin to generate PDF from JavaScript? 4Reply
H
HAtan2020-09-30 15:30:27
How to process a click and record it? 2Reply
M
Matvey Bubenets2017-04-20 04:38:37
How to disable Remote Desktop Licensing? 6Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question