How to secure a php file
Problem description
I did a payment gateway integration on an existing website. The payment gateway gave me an API which I used and did the coding and stored it in a php file pay.php.
I have a checkout form in the main website and on clicking submit, it sends all the needed data to pay.php via post and then this file does the rest and sends the data over to the payment gateway.
Since this pay.php file stores sensitive data, I want to secure it so that no one else can access it via web browser like entering http://domain.com/pay.php or be able to download it.
Now while I know that normally you can't just download .php files, I saw a site the other day which was capable of downloading my WordPress blog along with the .php files.
Also every time the pay.php file is run a payment link is generated, so I need to make sure only the website http://www.domain.com is able to use this file and no 3rd party.
I already have a few ideas in my head like limiting access using remote IP and such but would want to know the best possible way to address the issue.
Recommended answer
To add to the answer of Commusoft and to give a slight alternative.
This piece of .htaccess denies php file requests via the browser and makes sure you can only include the file from a different php file.
# Deny direct HTTP requests for every .php file in this directory (Apache 2.2 syntax).
# On Apache 2.4 without mod_access_compat, use "Require all denied" instead.
<Files *.php>
Deny from All
</Files>
Put this in a separate directory where pay.php is located.
I think the best way of dealing with this payment issue is to turn the pay.php into a full class and use it object oriented. That way you can use the functionality in any location and pass variables to it easily.
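How the answer's two suggestions can fit together, as an added example that is not part of the original answer: the payment code becomes a class kept in the protected directory, and one public script accepts only POST requests carrying the session's CSRF token before using it. The CSRF check and the names PaymentGateway, checkout.php, csrf_token, order_id and amount_cents are assumptions; the gateway's own API call is left out because the page does not show it.

```php
<?php
declare(strict_types=1);
// --- private/PaymentGateway.php: inside the directory the .htaccess rule blocks ---
final class PaymentGateway
{
    private string $apiKey;
    public function __construct(string $apiKey) { $this->apiKey = $apiKey; }

    // Returns the fields to send; the gateway's API call is not on the page, so it is omitted.
    public function buildRequest(string $orderId, int $amountCents): array
    {
        if (!preg_match('/^[A-Za-z0-9_-]{1,32}$/', $orderId) || $amountCents <= 0) {
            throw new InvalidArgumentException('invalid order data');
        }
        return ['order' => $orderId, 'amount' => $amountCents, 'key' => $this->apiKey];
    }
}

// --- checkout.php: the only script the browser reaches; it would require the class file ---
function handleCheckout(array $server, array $post, array $session, PaymentGateway $gw): array
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return [405, 'POST only'];
    }
    // The token was put in the session when the checkout form was rendered.
    $expected = $session['csrf_token'] ?? '';
    $given = $post['csrf_token'] ?? '';
    if (!is_string($given) || $expected === '' || !hash_equals($expected, $given)) {
        return [403, 'bad token'];
    }
    $orderId = $post['order_id'] ?? '';
    $amount = $post['amount_cents'] ?? '';
    if (!is_string($orderId) || !is_string($amount) || !ctype_digit($amount)) {
        return [400, 'invalid input'];
    }
    try {
        $req = $gw->buildRequest($orderId, (int) $amount);
    } catch (InvalidArgumentException $e) {
        return [400, $e->getMessage()];
    }
    return [200, 'request built for order ' . $req['order']];
}

// Constructed sample input; run from the CLI with: php checkout.php
$token = bin2hex(random_bytes(16));
$gw = new PaymentGateway('PLACEHOLDER_API_KEY');
$form = ['csrf_token' => $token, 'order_id' => 'A1001', 'amount_cents' => '2500'];
$ok = handleCheckout(['REQUEST_METHOD' => 'POST'], $form, ['csrf_token' => $token], $gw);
$forged = handleCheckout(['REQUEST_METHOD' => 'POST'], ['csrf_token' => 'x'] + $form, ['csrf_token' => $token], $gw);
printf("%d %s\n%d %s\n", $ok[0], $ok[1], $forged[0], $forged[1]);
```

The API key stays in the class file that the web server refuses to serve, so it never appears in the checkout form or in any response.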