Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
aopil2021-07-17 20:23:51
PHP
aopil, 2021-07-17 20:23:51

How to compare API key correctly?

Currently implemented as follows:

$request = "SELECT APIKey, FullName FROM users WHERE UserName = '$USER_NAME'";


if((isset($rs->APIKey) && !empty($rs->APIKey)) && (decrypt($rs->APIKey) == $API_KEY))
{
}


Question: Why not use $encAPIKey = encrypt($API_KEY)and substitute it in the SQL query:
$request = "SELECT APIKey, FullName FROM users WHERE UserName = '$USER_NAME' AND APIKey = '$encAPIKey'";


Perhaps I don’t understand something and there are some moments of security violations, etc.?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
T
ThunderCat, 2021-07-17
@ThunderCat

Q: Why not use
Firstly, this way you will not know what the reason is - in the login or in the password, or in both fields. Secondly, it MAY work with keys, but it doesn’t work like that with passwords, there is a different reconciliation algorithm, and it is advisable not to produce entities and create algorithms that are as close as possible in implementation in similar places.

Similar questions
E
Evgeny Samsonov2015-04-05 17:45:37
What is the name of the USB device? 3Reply
A
Artem Melnykov2019-09-11 09:24:58
What to do if android sdk is not installed? 2Reply
I
ibr_982017-04-24 19:18:51
Why doesn't "MouseEnter" work in visual c#? 2Reply
M
MarEeeeeee2021-04-07 17:49:27
Do I get an error when using useState? 3Reply
E
Evgeny Yakushov2019-10-09 19:41:27
How to download a dynamically generated file and make the location of this page? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question