dongxiz5342 2015-08-25 21:20 采纳率: 100%
浏览 50
已采纳

保护PHP源文件免受file_get_contents()?

I have had more than a few clients ask for the same things. Blogs, shopping carts, newsletter systems, etc.

So, instead of recreating the back-end every time, I've created a cool little PHP application. The first part of my application acts as a package manager. There is a config file that I use to input all the information my packages will need.

The main information that is contained in that config file is the username and password of the administrator (hashed though the password may be), and the connection information to the MySQL database.

I got to thinking about it when I started using file_get_contents() in my packages...can't someone from a remote server list the site directory, and use file_get_contents() from their end to view my PHP source?

Obviously this is a huge security problem if that is, and I can't seem to think of a way to stop that from happening.

Is there a standard way to protect against these kinds of attacks?

  • 写回答

3条回答 默认 最新

  • duanlie4621 2015-08-25 21:38
    关注

    If you fopen(), file_get_contents() or use another PHP function to open a file over HTTP and that file doesn't actually output anything, then nothing will be received. The HTTP server will execute the PHP and send the output just as it does when viewing in a browser.

    So long as your webserver is configure to serve these PHP files after being processed by PHP then there is no issue.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(2条)

报告相同问题?

悬赏问题

  • ¥15 matlab实现基于主成分变换的图像融合。
  • ¥15 对于相关问题的求解与代码
  • ¥15 ubuntu子系统密码忘记
  • ¥15 信号傅里叶变换在matlab上遇到的小问题请求帮助
  • ¥15 保护模式-系统加载-段寄存器
  • ¥15 电脑桌面设定一个区域禁止鼠标操作
  • ¥15 求NPF226060磁芯的详细资料
  • ¥15 使用R语言marginaleffects包进行边际效应图绘制
  • ¥20 usb设备兼容性问题
  • ¥15 错误(10048): “调用exui内部功能”库命令的参数“参数4”不能接受空数据。怎么解决啊