PHP source code security on server

耶瑟儿~ 2021-01-13 11:57

I am a PHP newbie and have a PHP security question. Is it possible for somebody to get the source code of a PHP script file running on a server with default configuration?

8 answers
  •  陌清茗 (original poster)
    2021-01-13 12:25

    Exactly what David Dorward said, but I would advise you to take a look at the following patch(es) that would modify Apache to not send source code regardless if there is a misconfiguration.

    http://mirror.facebook.net/facebook/patches/ap_source_defense.patch

    Patch like so:

       cd apache-1.3.x
       patch -p1 -i ap_source_defense.patch
    

    More Patches from Facebook Development Team: http://mirror.facebook.net/facebook/patches/


    The best way to protect your much needed source is to place it outside the public root directory, as if Apache is running it will not be able to serve files directly from the folder above public_html.

    for example:

    C:/server/apache/
    C:/server/apache/htdocs/
    C:/server/apache/htdocs/includes/
    

    People can specifically view the files by going to

    http://hostname.tld/includes/
    

    but having the directory structure of:

    C:/server/apache/
    C:/server/apache/includes/
    C:/server/apache/htdocs/
    

    and then within

        C:/server/apache/htdocs/index.php
    

    you have

    
    

    This should protect all major files bar the view file (index.php).
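
The layout described in the answer above, as an added example that is not part of the original answer: an `index.php` inside `htdocs/` that loads its code from the sibling `includes/` directory and refuses to run if that directory resolves back inside the document root (for instance through a symlink). The include file names and the helper functions `is_inside()` and `private_include_dir()` are hypothetical.

```php
<?php
declare(strict_types=1);
// C:/server/apache/htdocs/index.php (added example; file names are hypothetical)

/** True when $path is $root itself or lies beneath it. */
function is_inside(string $path, string $root): bool
{
    $path = rtrim(str_replace('\\', '/', $path), '/') . '/';
    $root = rtrim(str_replace('\\', '/', $root), '/') . '/';
    // Windows file systems are case-insensitive, so compare accordingly there.
    return DIRECTORY_SEPARATOR === '\\'
        ? stripos($path, $root) === 0
        : strpos($path, $root) === 0;
}

/** Resolve ../includes relative to the document root and confirm it is outside it. */
function private_include_dir(string $docroot): string
{
    $docroot = realpath($docroot);
    if ($docroot === false) {
        throw new RuntimeException('Document root not found');
    }
    $includes = realpath(dirname($docroot) . '/includes');
    if ($includes === false || !is_dir($includes)) {
        throw new RuntimeException('Include directory not found');
    }
    if (is_inside($includes, $docroot)) {
        // e.g. a symlink or a moved folder put the includes back under htdocs
        throw new RuntimeException('Include directory is inside the document root');
    }
    return $includes;
}

try {
    $inc = private_include_dir(__DIR__);
    foreach (['config.php', 'functions.php'] as $file) {   // hypothetical names
        $path = $inc . DIRECTORY_SEPARATOR . $file;
        if (!is_file($path)) {
            throw new RuntimeException("Missing include: $file");
        }
        require_once $path;
    }
    echo 'Application loaded';
} catch (Throwable $e) {
    http_response_code(500);
    error_log($e->getMessage());   // details go to the server log, not the client
    echo 'Internal error';
}
```

If the PHP handler is ever misconfigured, only this file can be returned as plain text; everything under `includes/` has no URL at all.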
