douke6424 2016-10-20 02:27
浏览 8
已采纳

隐藏HTML和AJAX中的文件夹名称

Is there any security risk in revealing PHP folder names? If yes, is there any way to hide the folder names that exist within my html hyperlinks and in my ajax code?

  • 写回答

1条回答 默认 最新

  • doubi1624 2016-10-20 02:49
    关注

    Is there any security risk in revealing PHP folder names?

    To simply say "no" is a poor answer. The answer should be "it depends". For the most part, revealing folder names is a minimal risk, but depending on the information you're trying to obscure/hide, it may be worthwhile to hide folder names. As @nogad points out, you shouldn't just use obscurity to hide away your potential issues, you should focus on securing the actual application.

    For example:

    • Are directory indexes enabled? If someone knows a folders name, and directory indexes are on, they will be able to view the contents of that folder on your site, which may reveal certain elements of your site that you wish to remain private.
    • Do your folders contain things that could be easily crawled via a robot. There are many scripts out there designed to scrape and look for common things like "admin.php", or "/admin/index.php". Maybe you wish to hide that, to make it harder for hackers to find a script.
    • Let's do a for instance. Let's say you have a folder /secretz428, which contains two files. /secretz428/image.php and /secretz428/admin.php. By exposing /secretz428/image.php to your front end users, they may try to dig into this folder, and may happen upon your admin.php. If there is no security on this script (Or it's prone to hacking), you could open up your site to to an attack. The more you obscure from your users, the harder it is for someone to reverse engineer and find exploits in your application.

    Is there any way to hide the folder names that exist within my html hyperlinks and in my ajax code?

    Sure. One way is to obscure it within a php script. For example:

    index.php:

    switch ( $_GET['id'] )
    {
        case '1':
           include('secret_folder/mysecretscript.php');
           break;
    }
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥30 Markdown在VScode编辑器下插入视频
  • ¥15 stm32c8t6工程,使用hal库
  • ¥100 有偿求易语言word文档取doc和docx页数方法或模块
  • ¥15 找能接spark如图片的,可议价
  • ¥15 关于#单片机#的问题,请各位专家解答!
  • ¥15 博通raid 的写入速度很高也很低
  • ¥15 目标计数模型训练过程中的问题
  • ¥100 Acess连接SQL 数据库后 不能用中文筛选
  • ¥15 用友U9Cloud的webapi
  • ¥20 电脑拓展屏桌面被莫名遮挡