duanfei1930 2015-07-28 17:24
浏览 103
已采纳

可以安全地将私有PHP文件存储在公共目录上并使用require_once加载它们吗?

So currently my websites are structured like this:

/private
    /databaseconfigfile.php
    /otherprivatestuff.php
/public
    /index.php
    /pages
        /page1.php
        /page2.php

I import these private files at the top of each page using:

require_once('../databaseconfigfile.php');

So I can access the define variables within them to populate/generate content.

They contain things like database details, API keys for various 3rd party tools like SMTP, AWS, etc. Is this the correct approach? Or should I be using a different PHP function/approach to access private files? I'm concerned that this approach may be prone to directory traversal attacks.

  • 写回答

2条回答 默认 最新

  • doujinai2183 2015-07-28 18:48
    关注

    Is this the correct approach?

    Yes.

    Or should I be using a different PHP function/approach to access private files?

    No, keeping them outside of your document root should be sufficient. If, for example, you have a Local File Inclusion vulnerability somewhere in your application, you should focus on fixing the vulnerabilities rather than trying to hide your sensitive files.

    Security through obscurity is no security at all.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(1条)

报告相同问题?

悬赏问题

  • ¥15 metadata提取的PDF元数据,如何转换为一个Excel
  • ¥15 关于arduino编程toCharArray()函数的使用
  • ¥100 vc++混合CEF采用CLR方式编译报错
  • ¥15 coze 的插件输入飞书多维表格 app_token 后一直显示错误,如何解决?
  • ¥15 vite+vue3+plyr播放本地public文件夹下视频无法加载
  • ¥15 c#逐行读取txt文本,但是每一行里面数据之间空格数量不同
  • ¥50 如何openEuler 22.03上安装配置drbd
  • ¥20 ING91680C BLE5.3 芯片怎么实现串口收发数据
  • ¥15 无线连接树莓派,无法执行update,如何解决?(相关搜索:软件下载)
  • ¥15 Windows11, backspace, enter, space键失灵