Answer the question
In order to leave comments, you need to log in
S
S
Scuba2018-08-31 10:04:59
Scuba, 2018-08-31 10:04:59
How to store tokens from API VKontakte?
Users are authorized on my site through VK and there is a certain set of permissions for using the functionality of the site.
I write these tokens to the database, there are three fields there:
user_id, secret, token
secret - this is a hash that is generated during authorization.
In cookies I write user_id and secret. When opening the site, I look for them in the database, and if we find them, we take the token for work.
Do I save enough data in cookies for safe work and can I store tokens in the database in the usual way or do I need to encrypt them somehow?
2 answer(s)
@k0t3n
@gobananas
A
Alexey Kotenko, 2018-08-31 @k0t3n
It is at least strange to store user_id and secret from VK in cookies of your site.
Perhaps it is worth using the standard authorization mechanisms provided by the framework, and store the data already in the database and associate with the user.
You don't need to encrypt anything, at least the token - you still have to send requests to VK using it.
D
Dmitry Dart, 2018-08-31 @gobananas
secret, as far as I remember, changes every time during authorization, it makes no sense to store
it, I store user_id and token, but the latter can also change sometimes
so that there is no SQL injection, use PDO,
no need to encrypt
Similar questions
K
kasper182018-06-19 14:15:59
Disk encryption in Ubuntu during installation - how secure is it?
2Reply
Z
S
K
O
other_letter2020-07-09 12:00:33
Bitlocker and user profile on another drive. How to download?
2Reply
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question