简体中文(ZH-CN)English(EN)繁体中文(ZH-TW)日本語(JA)한국어(KO)Melayu(MS)Français(FR)Deutsch(DE)
Home
Article
Q&A
Course
Topic
Download
Game
Dictionary
Recent Updates

Home  >  Article  >  Backend Development  >  Website Anti-Injection and Trojan PHP.INI Security Settings_PHP Tutorial

Website Anti-Injection and Trojan PHP.INI Security Settings_PHP Tutorial

WBOY
WBOYOriginal
2016-07-13 17:09:29972browse

When you want to prevent page attacks, you can include an anti-attack file at the head of the page, just like a general anti-injection file. We can do it in three situations:
1. Quote within each file. Such files are possible, but it is inconvenient if there are hundreds of files in a website.
2. Quote it in a common include file, such as the config.inc.php tutorial. This is a good approach, and it is also a popular approach in the market.
3. Referenced in php.ini. If quoted in the configuration file, it will affect all websites, including all pages. This is just like some free space providers that were popular back then. When you open an ftp space for free and upload the website, advertisements will appear in the space. I don't know if this is the method, but the purpose is the same. The advantage of this is: if it is a company or an internal website of an enterprise, it is safe and easy to maintain.


Everyone knows the first two methods. The third method is to find this section in php.ini:

;automatically add files before or after any php document.
;auto_prepend_file = "phpids.php"
;auto_append_file = "alert.php"

The default is empty, please add the included files.
Also found:

;unix: "/path1:/path2"
;include_path = ".:/php/includes"
;
;windows: "path1;path2"
include_path = ".;f:phpnohtdocs"


Because mine is a win environment, the windows option is turned on, and the path can be modified freely. At the same time, such a function also makes it easier for us to attack, such as mounting a horse. There are also many horse-hanging techniques on the "market" now, so I won't go into details. We can use the auto_prepend_file option to mount the horse in batches. We can mount the website on the entire server. The advantages are: it does not affect the speed, does not modify the files, and the method is novel. The disadvantage is: you must have write permissions on php.ini.

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629729.htmlTechArticleWhen you want to prevent page attacks, you can include anti-attack files in the head of the page, just like general anti-injection document. We can do this in three situations: 1. Quote within each file. This...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Previous article:PHP determines whether the exe file is normal_PHP tutorialNext article:PHP determines whether the exe file is normal_PHP tutorial

Related articles

See more