Home >Backend Development >PHP Problem >How to prevent backdoor in php
Prevention of php backdoor URL
The so-called backdoor URL refers to a resource that does not need to be called directly, but can be accessed directly through the URL.
For example, a web application may display sensitive information to logged-in users.
Related recommendations: "php Getting Started Tutorial"
Code sample:
<?php $authenticated = FALSE; $authenticated = check_auth(); if ($authenticated) { include './sensitive.php'; } ?>
Risk analysis:
Since sensitive.php is located in the main directory of the website, the browser can skip the verification mechanism and directly access the file. This is because all files in the main directory of the website have a corresponding URL address. In some cases, these scripts may perform an important operation, which increases the risk.
Solution:
In order to prevent backdoor URLs, you need to make sure that all included files are saved outside the main directory of the website. All files saved in the home directory of the website must be directly accessed through URL.
The above is the detailed content of How to prevent backdoor in php. For more information, please follow other related articles on the PHP Chinese website!