任何人都可以在没有phpserver的情况下与操作系统通信吗? [英] Can anybody communicate with the operating system without the phpserver?
问题描述
我有一个php脚本,它将上传的文件写入目录。我的
php-script为保存的文件提供了特定的名称。我在
目录中找到了一个文件,其名称不能由php-
脚本给出。可能是某人(不是操作系统的用户)与操作系统通信(创建
文件)而不使用我的php脚本?或者这是不可能的,我的b $ b必须在我的脚本中搜索错误?
谢谢!
" Fro" < sh ************ @ gmail.com写信息
新闻:c0 ****************** **************** @ u69g2000 hse.googlegroups.com ...
我有一个php脚本,它将上传的文件写入目录。我的
php-script为保存的文件提供了特定的名称。我在
目录中找到了一个文件,其名称不能由php-
脚本给出。可能是某人(不是操作系统的用户)与操作系统通信(创建
文件)而不使用我的php脚本?或者这是不可能的,我的b $ b必须在我的脚本中搜索错误?
谢谢!
当然,他们可以破解你的服务器,或者只是你的个人帐户数据,或者是整个服务器的b $ b。但如果您使用信誉良好的第三方
主机,那么他们通过文件上传违反安全性的可能性要高出100或1000倍。
>
当然,他们可以破解你的服务器,或者只是你的个人帐户数据,或者是整个服务器的
。
你说他们可以破解:
1.我的服务器。
2.我的个人帐户数据。
3.整个服务器。
您对个人帐户数据的理解是什么?操作
系统?
删除含糊不清我应该说我没有我的个人
服务器。我使用托管,它提供了一个php-server,它有很多
用户。
但它的可能性是100或1000倍如果您使用信誉良好的第三方
主机,那么他们通过文件上传违反了安全性。
它的可能性是什么的100或1000倍?
Fro写道:
< blockquote class =post_quotes>
>当然,他们可以破解你的服务器,无论是你的个人帐户数据还是整个服务器。
你说他们可以破解:
1.我的服务器。
2.我的个人帐户数据。
3.整个服务器。
您对个人帐户数据的理解是什么?操作
系统?
删除含糊不清我应该说我没有我的个人
服务器。我使用托管,它提供了一个php-server,它有很多
用户。
>但它是100或1000倍如果您使用信誉良好的第三方主机,他们更有可能通过文件上传来破坏安全性。
它的可能性是100或1000倍?
我同意梅森 - 它'你的上传脚本更有可能比其他人攻击你的服务器有空洞
。
因为你使用共享主机,它'很可能他们通过同一主机上的另一个站点来了
。但这不太可能,除非
您的托管公司不知道他们在做什么以及其他网站
主机是黑客网站还是不是''知道他们在做什么。但
任何信誉良好的主机都会阻止这种情况发生。
-
========== ========
删除x来自我的电子邮件地址
Jerry Stuckle
JDS计算机培训公司
js ******* @ attglobal.net
==================
Hi,
I have a php-script which writes uploaded files into a directory. My
php-script gives a specific names to the saved files. I found in the
directory a file which has a name which could not be given by the php-
script. Could it be that somebody (which is not a user of the
operating system) communicate with the operating system (creates
files) without the usage of my php-script? Or it is impossible and I
have to search for a mistake in my script?
Thank you!
"Fro" <sh************@gmail.comwrote in message
news:c0**********************************@u69g2000 hse.googlegroups.com...Hi,
I have a php-script which writes uploaded files into a directory. My
php-script gives a specific names to the saved files. I found in the
directory a file which has a name which could not be given by the php-
script. Could it be that somebody (which is not a user of the
operating system) communicate with the operating system (creates
files) without the usage of my php-script? Or it is impossible and I
have to search for a mistake in my script?
Thank you!Sure, they could hack your server, either just your personal account data or
else the entire server. But it''s 100 or 1000 times more likely that they
breached security through a file upload, if you use a reputable third-party
host.
>Sure, they could hack your server, either just your personal account data or
else the entire server.You say that they can hack:
1. My server.
2. My personal account data.
3. The entire server.
What do you understand under "personal account data"? The operating
system?
To remove "ambiguity" I should say that I do not have "my personal
server". I use a hosting which gives a php-server which has many
users.
But it''s 100 or 1000 times more likely that they
breached security through a file upload, if you use a reputable third-party
host.It is 100 or 1000 times more likely than what?
Fro wrote:>Sure, they could hack your server, either just your personal account data or
else the entire server.You say that they can hack:
1. My server.
2. My personal account data.
3. The entire server.
What do you understand under "personal account data"? The operating
system?
To remove "ambiguity" I should say that I do not have "my personal
server". I use a hosting which gives a php-server which has many
users.
>But it''s 100 or 1000 times more likely that they
breached security through a file upload, if you use a reputable third-party
host.It is 100 or 1000 times more likely than what?
I agree with Mason - it''s much more likely your upload script has holes
in it than someone hacked your server.
Since you''re using a shared host, it''s remotely possible that they came
in through another site on the same host. But that''s unlikely, unless
your hosting company has no idea what they''re doing and other sites on
the host are either hacker sites or don''t know what they''re doing. But
any reputable host will prevent that from happening.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
这篇关于任何人都可以在没有phpserver的情况下与操作系统通信吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
