关于服务器的安全有关问题-PHP Tutorial-php.cn

Home

Backend Development

PHP Tutorial

关于服务器的安全有关问题

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 13, 2016 pm 12:09 PM

httpnbspphp

关于服务器的安全问题

首先想问下，在无法登录别人服务器的情况下，如何远程获取到别人服务器的文件？

例如一个项目的整个目录文件。。如果别人有对这个项目进行打包，这样如果知道路径和包名就可以下载，否则不可能？

另外，如何防止数据库用户名和密码的PHP配置文件不小心泄漏呢，如果没办法做到，是不是要加密？还是限制该数据库的远征登录？

想了解这些服务器安全的知识，应该看哪些书，求推荐。。谢谢
------解决思路----------------------
首先想问下，在无法登录别人服务器的情况下，如何远程获取到别人服务器的文件？
不能，除非對方提供不用驗證的下載方法

例如一个项目的整个目录文件。。如果别人有对这个项目进行打包，这样如果知道路径和包名就可以下载，否则不可能？
知道路徑和包名並不一定就可以下載，因為可以在服務器做rewrite的，顯示的路徑並不是文件存放的真實路徑。而文件是可以存放在域名以外的目錄，那麼通過http方式就下載不到了。

另外，如何防止数据库用户名和密码的PHP配置文件不小心泄漏呢，如果没办法做到，是不是要加密？还是限制该数据库的远征登录？
不小心泄漏是人的問題吧，這每辦法避免，最好不要太多人知道用戶名和密碼。
可以把數據庫的account和密碼寫在apache2，使用apache mod_env模块保存php程序敏感信息。
SetEnv dbaccount root
SetEnv dbpass 123456
可參考http://blog.csdn.net/fdipzone/article/details/9388959

想了解这些服务器安全的知识，应该看哪些书，求推荐。。谢谢
多看技術博客和論壇，搜索相關文章。
------解决思路----------------------
关于把用户名与口令设置为环境变量的做法，与 fdipzone 商榷

如果把用户名与口令写死在数据库操作类的连接语句中，那么只有在看到数据库操作类的源代码时才能看到用户名与口令
而数据库操作类是可以放在文件系统的任意地方的，至少找到他是有一定的难度

但如果作为环境变量的话，只需写个小程序就暴露无遗了（print_r($_SERVER)）
况且 httpd.conf 或 .htaccess 都存放在固定位置，很容易就找到了
------解决思路----------------------
当服务器的环境是正常的情况文件也没有服务器环境无法解析的后缀名比如你不要把 PHP 弄成 php.txt 那么这些文件是无法下载的，如果代码有问题可能会显示出源码.
如果你把整个网站压缩到一个rar 文件而且又暴露在了互联网上，比如 http://xxxx/test.rar 那么别人一旦知道路径也肯定是可以下载的，但是多数时候如果你真的要这么做那么也要记得给你的压缩包加上密码

这些东西还没有要到出书的必要，基本上属于一种经验吧，要出书的东西还在后面...

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

PHP Email: Step-by-Step Sending GuideMay 09, 2025 am 12:14 AM

PHPisusedforsendingemailsduetoitsintegrationwithservermailservicesandexternalSMTPproviders,automatingnotificationsandmarketingcampaigns.1)SetupyourPHPenvironmentwithawebserverandPHP,ensuringthemailfunctionisenabled.2)UseabasicscriptwithPHP'smailfunct

How to Send Email via PHP: Examples & CodeMay 09, 2025 am 12:13 AM

The best way to send emails is to use the PHPMailer library. 1) Using the mail() function is simple but unreliable, which may cause emails to enter spam or cannot be delivered. 2) PHPMailer provides better control and reliability, and supports HTML mail, attachments and SMTP authentication. 3) Make sure SMTP settings are configured correctly and encryption (such as STARTTLS or SSL/TLS) is used to enhance security. 4) For large amounts of emails, consider using a mail queue system to optimize performance.

Advanced PHP Email: Custom Headers & FeaturesMay 09, 2025 am 12:13 AM

CustomheadersandadvancedfeaturesinPHPemailenhancefunctionalityandreliability.1)Customheadersaddmetadatafortrackingandcategorization.2)HTMLemailsallowformattingandinteractivity.3)AttachmentscanbesentusinglibrarieslikePHPMailer.4)SMTPauthenticationimpr

Guide to Sending Emails with PHP & SMTPMay 09, 2025 am 12:06 AM

Sending mail using PHP and SMTP can be achieved through the PHPMailer library. 1) Install and configure PHPMailer, 2) Set SMTP server details, 3) Define the email content, 4) Send emails and handle errors. Use this method to ensure the reliability and security of emails.

What is the best way to send an email using PHP?May 08, 2025 am 12:21 AM

ThebestapproachforsendingemailsinPHPisusingthePHPMailerlibraryduetoitsreliability,featurerichness,andeaseofuse.PHPMailersupportsSMTP,providesdetailederrorhandling,allowssendingHTMLandplaintextemails,supportsattachments,andenhancessecurity.Foroptimalu

Best Practices for Dependency Injection in PHPMay 08, 2025 am 12:21 AM

The reason for using Dependency Injection (DI) is that it promotes loose coupling, testability, and maintainability of the code. 1) Use constructor to inject dependencies, 2) Avoid using service locators, 3) Use dependency injection containers to manage dependencies, 4) Improve testability through injecting dependencies, 5) Avoid over-injection dependencies, 6) Consider the impact of DI on performance.

PHP performance tuning tips and tricksMay 08, 2025 am 12:20 AM

PHPperformancetuningiscrucialbecauseitenhancesspeedandefficiency,whicharevitalforwebapplications.1)CachingwithAPCureducesdatabaseloadandimprovesresponsetimes.2)Optimizingdatabasequeriesbyselectingnecessarycolumnsandusingindexingspeedsupdataretrieval.

PHP Email Security: Best Practices for Sending EmailsMay 08, 2025 am 12:16 AM

ThebestpracticesforsendingemailssecurelyinPHPinclude:1)UsingsecureconfigurationswithSMTPandSTARTTLSencryption,2)Validatingandsanitizinginputstopreventinjectionattacks,3)EncryptingsensitivedatawithinemailsusingOpenSSL,4)Properlyhandlingemailheaderstoa

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

How to fix KB5055523 fails to install in Windows 11?

4 weeks agoByDDD

How to fix KB5055518 fails to install in Windows 10?

4 weeks agoByDDD

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks agoByDDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

How to fix KB5055612 fails to install in Windows 10?

3 weeks agoByDDD

Hot Tools

DVWA

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is very vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, to help web developers better understand the process of securing web applications, and to help teachers/students teach/learn in a classroom environment Web application security. The goal of DVWA is to practice some of the most common web vulnerabilities through a simple and straightforward interface, with varying degrees of difficulty. Please note that this software