为什么将框架文件夹放在公共根外面更安全？ [英] Why placing framework folder outside public root is safer?

问题描述

为什么总是建议将框架文件放在公共根之外？

Why it is always recommended to place framework files outside of the public root ?

由于有时框架没有 .ini

Given that sometimes a framework doesn't have .ini or .inc files that can be opened by a browser.

推荐答案

那么，将框架源放置在web根目录下绝对没有什么可以获得。由于选择放置文件的位置是免费的，因此使用最低权限原则是合理的：您

Well, there is definitely nothing to be gained from placing framework sources inside the web root. Since the choice of where to place the file is therefore free, it's only logical to go with the principle of least privilege: you don't need web access to these files, so you won't get it.

更具体的原因是框架源可以轻松地公开这些文件的品牌和版本框架在网站上使用（虽然通常也可以通过检查生成的内容获得此信息）;这反过来可以使恶意用户更容易利用已知或新发现的漏洞。

A more concrete reason is that framework sources can easily disclose the brand and version of a framework being used on a website (although this information can also usually be gained by examining the generated content); this in turn can make it easier for malicious users to exploit known or newly discovered vulnerabilities.

这篇关于为什么将框架文件夹放在公共根外面更安全？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！