kisscool/simple-haveibeenpwned
Composer 安装命令:
composer require kisscool/simple-haveibeenpwned
包简介
A very simple class to check your password safety against 'Have I Been Pwned' API.
README 文档
README
SimpleHIBP
SimpleHIBP is a very simple way to check your password safety against Troy Hunt's Have I Been Pwned range password API.
Usage
As the idea of this is to keep it simple, you'll just need to call isPasswordSafe() static method, passing it the password you want to test as the only argument, and get a boolean value as the return:
trueif the submited password hasn't been seen in a leakfalseif has been seen
Example
use HIBP\SimpleHIBP;
$password = "someth1ng";
if (SimpleHIBP::isPasswordSafe($password)) {
echo "My password is safe :)";
} else {
echo "My password is unsafe :(";
}
Security
- It's obvious, but your data (password, hashed password) are never stored
- So, there is no cache at all (see Limitation)
Limitation
To keep it simple, there is no caching at all. If you plan to integrate it on a high loaded website, please add some form of caching. Something like that should do the job (for security reason, I highly recommend you not to use the password as a data for the cache key):
use HIBP\SimpleHIBP;
$password = "someth1ng";
$key = "someUniqueUserData";
if (false === ($result = $cache->get($key))) {
$result = SimpleHIBP::isPasswordSafe($password);
$cache->set($key, $result);
}
Credits
Big thanks to Troy Hunt for his amazing work on Have I Been Pwned.
统计信息
- 总下载量: 258
- 月度下载量: 0
- 日度下载量: 0
- 收藏数: 2
- 点击次数: 1
- 依赖项目数: 0
- 推荐数: 0
其他信息
- 授权协议: MIT
- 更新时间: 2019-03-22