我需要签署文档,但为此我需要通过 json 传递密码和证书路径
使用这个真的安全吗?我如何在 php 配置文件中实现这些数组?这样就没有人(外部公众)可以访问数据,我知道 php 可以做到这一点。
我正在配置一个 api,其文档中包含以下内容:
配置 API API 配置是通过文件甚至 JSON 格式的数组完成的。
该 JSON 数组包含 API 所需的数据,以了解重要文件的位置,例如数字证书和其他相关信息。
{"atualizacao":"2016-02-02 08:01:21","tpAmb":2,"pathXmlUrlFileNFe":"nfe_ws3_mod55.xml","pathXmlUrlFileCTe":"cte_ws1.xml","pathXmlUrlFileMDFe":"mdfe_ws1.xml","pathXmlUrlFileCLe":"cle_ws1.xml","pathXmlUrlFileNFSe":"","pathNFeFiles":"/MyApp/nfe","pathCTeFiles":"/MyApp/cte","pathMDFeFiles":"/MyApp/mdfe","pathCLeFiles":"/MyApp/cle","pathNFSeFiles":"/MyApp/nfse","pathCertsFiles":"/MyApp/certs/","siteUrl":"http://myapp.local","schemesNFe":"PL_008h2","schemesCTe":"PL_CTE_104","schemesMDFe":"MDFe_100","schemesCLe":"CLe_100","schemesNFSe":"","razaosocial":"Fulano de tal Ltda","siglaUF":"AM","cnpj":"547678524000133","tokenIBPT":"AAAAAAA","tokenNFCe":"GPB0JBWLUR6HWFTVEAS6RJ69GPCROFPBBB8G","tokenNFCeId":"000002","certPfxName":"myapp_2016.pfx","certPassword":"JIO&$@2990_zx","certPhrase":"tajomstvo","aDocFormat":{"format":"P","paper":"A4","southpaw":"1","pathLogoFile":"/MyApp/publico/images/logo.jpg","logoPosition":"L","font":"Times","printer":"hpteste"},"aMailConf":{"mailAuth":"1","mailFrom":"roberto@myapp.local","mailSmtp":"smtp.myapp.local","mailUser":"roberto@myapp.local","mailPass":"heslo$","mailProtocol":"ssl","mailPort":"587","mailFromMail":null,"mailFromName":null,"mailReplayToMail":null,"mailReplayToName":null,"mailImapHost":null,"mailImapPort":null,"mailImapSecurity":null,"mailImapNocerts":null,"mailImapBox":null},"aProxyConf":{"proxyIp":"","proxyPort":"","proxyUser":"","proxyPass":""}}
文档没有显示如何实现它,它只是显示了 json 数组的示例,这也可以在 php 文件中完成,我想我应该将该数组放在 config.json 之类的内容中并在控制器中调用它,我不知道这个调用会怎样,我会把它放在哪里,我可以把它放在任何地方,但我最关心的是需要将个人手指作为密码放在这个矩阵中,json是一个可以访问的文件任何人通过浏览器,我不知道按照他们的建议实施是否合适且安全。这真的是最佳实践吗?
天涯尽头无女友