文件系统安全性如何工作？ [英] How file-system security works?

问题描述

如何从我们的Web服务器保护文件和目录以及如何从我们的网页访问这些文件和目录？

解决方案

文件和目录已经受到保护由系统和Apache。除非您编写旨在解决此保护问题的代码，否则任何人都无法访问它们。问题的其余部分是广泛而模糊的快速回答。



您提供对为某些Web设置的根目录下的所有文件的只读访问权限现场。无法访问任何其他文件系统对象，因为所有Web应用程序都在沙盒环境中执行，该环境仅允许访问属于该站点的文件。



您可以隐藏每个目录中的所有文件，除了那些通过HTML锚元素显式引用或通过您的代码可访问的文件。这是通过不允许目录列表来完成站点的所有目录或某些特定目录，这可以通过.htaccess完成。请参阅： https://wiki.apache.org/httpd/DirectoryListings 。



参见：

http：// httpd。 apache.org/docs/2.2/howto/htaccess.html ，

https：// wiki.apache.org/httpd/Htaccess 。



您可以允许用户以最简单的形式下载任何可以完成的文件，通过带有文件类型的表单元素和输入元素。



使用PHP或任何其他服务器端技术，您可以处理任何HTTP请求并动态创建HTTP动态响应。有关它的一般理解，请参阅：

http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol ，

http://en.wikipedia.org/wiki/Server-side_scripting 。



依旧......

-SA

How to protect files and directories from our web server and how to access this files and directories form our web page?

解决方案

The files and directories are already protected by the system and Apache. Nobody from outside word can access them, unless you write code intended to work around this protection. The rest of the question is to broad and vague for a Quick Answer.

You provide a read-only access to all files under the root directory set up for some Web site. It's not possible to access any other file system object, because all the Web applications are executed in the sandboxed environment which only allows access to the file which belong to the site.

You can hide all the files in each directory except those explicitly referenced via HTML anchor elements or accessible via your code. This done by not allowing directory listings for all the directories of the site or some specific directories, which can be done via .htaccess. Please see: https://wiki.apache.org/httpd/DirectoryListings.

See also:
http://httpd.apache.org/docs/2.2/howto/htaccess.html,
https://wiki.apache.org/httpd/Htaccess.

You can allow the user to download any files, which can be done, in a simplest form, via the form element and input element with the file type.

Using PHP or any other server-side technology, you can handle any HTTP request and create HTTP dynamic response on the fly. For general understanding of it, please see:
http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol,
http://en.wikipedia.org/wiki/Server-side_scripting.

And so on…

—SA

这篇关于文件系统安全性如何工作？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！