duanfei1930 2015-07-28 17:24
浏览 103
已采纳

可以安全地将私有PHP文件存储在公共目录上并使用require_once加载它们吗?

So currently my websites are structured like this:

/private
    /databaseconfigfile.php
    /otherprivatestuff.php
/public
    /index.php
    /pages
        /page1.php
        /page2.php

I import these private files at the top of each page using:

require_once('../databaseconfigfile.php');

So I can access the define variables within them to populate/generate content.

They contain things like database details, API keys for various 3rd party tools like SMTP, AWS, etc. Is this the correct approach? Or should I be using a different PHP function/approach to access private files? I'm concerned that this approach may be prone to directory traversal attacks.

  • 写回答

2条回答 默认 最新

  • doujinai2183 2015-07-28 18:48
    关注

    Is this the correct approach?

    Yes.

    Or should I be using a different PHP function/approach to access private files?

    No, keeping them outside of your document root should be sufficient. If, for example, you have a Local File Inclusion vulnerability somewhere in your application, you should focus on fixing the vulnerabilities rather than trying to hide your sensitive files.

    Security through obscurity is no security at all.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 微信公众平台自制会员卡可以通过收款码收款码收款进行自动积分吗
  • ¥15 随身WiFi网络灯亮但是没有网络,如何解决?
  • ¥15 gdf格式的脑电数据如何处理matlab
  • ¥20 重新写的代码替换了之后运行hbuliderx就这样了
  • ¥100 监控抖音用户作品更新可以微信公众号提醒
  • ¥15 UE5 如何可以不渲染HDRIBackdrop背景
  • ¥70 2048小游戏毕设项目
  • ¥20 mysql架构,按照姓名分表
  • ¥15 MATLAB实现区间[a,b]上的Gauss-Legendre积分
  • ¥15 delphi webbrowser组件网页下拉菜单自动选择问题