How to prevent backdoor in php

爱喝马黛茶的安东尼 (Original)
2019-09-27 16:24:20

Preventing PHP backdoor URLs

A backdoor URL is a resource that is not meant to be requested directly but can still be reached directly through its URL.

For example, a web application may display sensitive information to logged-in users.

Code sample:

<?php
$authenticated = FALSE;
$authenticated = check_auth();
if ($authenticated)
{
    include './sensitive.php';
}
?>

Risk analysis:

Because sensitive.php sits in the website's main directory (the document root), a browser can request the file directly and skip the authentication check. This is possible because every file in the main directory has a corresponding URL. In some cases these scripts perform an important operation, which increases the risk.

Solution:

To prevent backdoor URLs, make sure that all included files are saved outside the main directory of the website. Every file saved inside the main directory must be treated as directly accessible through a URL.
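
As an added example (not part of the original article), this Python script audits a document root for the problem described above: PHP files that other scripts include but that still live inside the document root and therefore have a URL. It assumes include paths are plain string literals resolved relative to the including file; the directory names public and private and the sample files are constructed for the demo.

```python
import re
import tempfile
from pathlib import Path

# Matches include/require (and the _once forms) followed by a string-literal path,
# e.g. include './sensitive.php';  Dynamic paths ($var, __DIR__ . '...') are skipped.
INCLUDE_RE = re.compile(
    r"""\b(?:include|require)(?:_once)?\s*\(?\s*(['"])([^'"$]+)\1""", re.IGNORECASE)

def find_backdoor_candidates(docroot):
    """Return docroot-relative paths of files that other scripts include
    but that are themselves stored inside the document root."""
    root = Path(docroot).resolve()
    hits = set()
    for script in root.rglob("*.php"):
        source = script.read_text(encoding="utf-8", errors="replace")
        for match in INCLUDE_RE.finditer(source):
            # Assumption: the path is relative to the including file's directory.
            target = (script.parent / match.group(2)).resolve()
            if target.is_file() and root in target.parents:
                hits.add(target.relative_to(root).as_posix())
    return sorted(hits)

def build_sample_tree(base):
    """Constructed sample layout: one include inside the docroot, one outside it."""
    docroot = Path(base) / "public"
    private = Path(base) / "private"
    docroot.mkdir()
    private.mkdir()
    # The article's pattern: the included file shares the docroot with its caller.
    (docroot / "index.php").write_text(
        "<?php\nif (check_auth()) {\n    include './sensitive.php';\n}\n")
    (docroot / "sensitive.php").write_text("<?php echo 'secret';\n")
    # The article's fix: the included file is stored outside the docroot.
    (docroot / "fixed.php").write_text(
        "<?php\nif (check_auth()) {\n    require '../private/report.php';\n}\n")
    (private / "report.php").write_text("<?php echo 'secret';\n")
    return docroot

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path in find_backdoor_candidates(build_sample_tree(tmp)):
            print("included file reachable by URL:", path)
```

Each reported file should be moved outside the document root and the include path in its caller updated to match.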
