Home > Article > Backend Development > PHP Security - Backdoor URL
PHP Security - Backdoor URL
- 黄舟Original
- 2017-02-21 09:18:301744browse
Backdoor URL
A backdoor URL refers to a resource that can be accessed directly through the URL without being directly called. For example, the following WEB application may display sensitive information to logged-in users:
Since sensitive.php is located in the main directory of the website, the browser can skip the verification mechanism and access the file directly. This is because all files in the main directory of the website have a corresponding URL address. In some cases, these scripts may perform an important operation, which increases the risk.
To prevent backdoor URLs, you need to make sure to save all included files outside of your website's home directory. All files saved in the home directory of the website must be directly accessed through URL.
The above is the content of PHP Security-Backdoor URL. For more related content, please pay attention to the PHP Chinese website (www.php.cn)!
Related articles
See more- round robin weighted round robin algorithm php implementation code
- PHP strip_tags() function to remove HTML, XML and PHP tags from strings
- Introduction to PHP strip_tags() to remove HTML, XML and PHP tags
- PHP removes html tags--detailed explanation of the difference between strip_tags and htmlspecialchars
- PHP strip_tags method to retain multiple HTML tags