凡把我的PHP文件 [英] Where to put my PHP files
问题描述
我已经完成我的PHP项目的开发。它是我的电脑上本地的发展。现在,我准备把它上传我的Web服务器上,并让公众查阅。
I have finished my PHP project development. It was developed locally on my PC. Now I am ready to upload it on my web server and make it publicly accessible.
然而,有一件事困扰我:目前,所有PHP文件都在我的WWW文件夹中的所有HTML,JavaScript中,CSS和图像文件。 PHP文件是敏感的,因为他们访问MySQL数据库,往往包含了原本是属于从用户的加密密码和文件路径。
There is however one thing that bothers me: Currently, all the PHP files are in my WWW folder with all the HTML, JavaScript, CSS, and Images files. PHP files are sensitive, as they access MySQL Database and often contains password and file paths that are meant to remain secret from the users.
如果我离开了WWW目录中的PHP文件,我怕谁,就可以成为访问公众以同样的方式,因为其他文件和图像。恐怕熟练的用户可以下载并阅读,因此,揭示是关于我的Web服务器的秘密信息。
If I leave the PHP files within the WWW directory, am I afraid, they can become accessible to public in the same way, as the other files and images are. I am afraid that skilled users can download and read them, and therefore reveal are the secret information about my web server.
是我的忧虑合法?请问Web服务器会自动隐藏.php文件?我应该PHP的文件移动到另一个位置,从WWW文件夹了吗?有没有保护我的PHP文件被下载任何其他方式?
Are my worries legit? Does the web server automatically hides .php files? Should I move the PHP files into another location, away from WWW folder? Is there any other way to protect my PHP files from being downloaded?
我使用的:
- 的Apache 2.4.7
- PHP 5.5.8
- 的MySQL 5.6.15
非常感谢你。亲切的问候,
Thank you very much. Kind regards,
推荐答案
这是pretty安全。如果您已经安装了PHP,你的网络服务器会一直尝试运行PHP文件而不是显示其code,而且即使code失败,你会得到一个错误信息或空白页,而不是code。
It's pretty safe. If you have PHP installed, your webserver will always try to run the PHP file rather than showing its code, and even if the code fails, you will get an error message or a blank page rather than the code.
除此之外,您可以使用的.htaccess 或其他类型的服务器配置来禁用这些文件的查看。
Apart from that, you can use .htaccess or other kinds of server configuration to disable viewing of those files.
但是.. 必须虽然说,如果这些设置配置不正确,Web服务器可能确实成为了PHP文件为纯文本文件!
But.. It must be said though, that if any of these settings are not configured correctly, the webserver may indeed serve the PHP files as plain text files!
所以,我认为这是把所有PHP文件出来的www文件夹,如果他们不应该直接访问一个好主意。很多时候,你会发现只有一个的index.php它处理所有的请求,包括其他PHP文件。不在WWW(文档根目录),PHP文件仍可以包括在内,所以这是一个很好的安全措施,以将这些文件放在一个单独的文件夹。这样一来,可以减少揭露那些文件时,你犯了一个小小的错误配置的风险。
So I think it is a good idea to move all php files out of the www folder if they should not be accessed directly. Quite often you'll find only one index.php which handles all requests and includes other php files. PHP files that are not in www (the document root), can still be included, so it's a good safety measure to put these files in a separate folder. That way, you reduce the risk of exposing those files when you make a tiny little configuration error.
毕竟,即使当它工作之前,它很容易打破它。也许你要调整你的配置一点,或者你是一个共享的主机所在的托管服务提供商可能会做出改变而不让你知道的,所以它只是一个明智的做法。
After all, even when it worked before, it's very easy to break it. Maybe you want to tweak your configuration a little, or you are on a shared host where the hosting provider might make changes without you knowing, so it's just a wise thing to do.
所以.. 这是将文件从www文件夹的一个好主意。它通常是很容易做到这一点(虽然这取决于你的应用程序结构),所以它只是一个额外的安全措施,通常不会花费你一毛钱。
如果它是硬(因为当前的应用程序结构)的所有文件完全移出文档根,请确保至少有密码的配置文件之外www文件夹中,之后可能暴露任何安全问题的数据库访问文件你可能在你的实现。
So.. It is a good idea to move files out of the www folder. It's usually very easy to do this (although it depends on your application structure), so it's just an extra safety measure that usually won't cost you a dime. And if it's hard (due to your current application structure) to completely move all files out of the document root, make sure that at least configuration files with passwords are outside of the www folder, followed by database access files that might expose any security issues you might have in your implementation.
这篇关于凡把我的PHP文件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
