PHP安全性:未处理从服务器检索PHP文件 [英] PHP security : retrieving PHP file from server, un-processed

问题描述

真的有办法吗?从服务器检索原始.php文件(而不是进入服务器的FTP帐户)?这是为什么有工具/脚本来加密php源代码的原因吗?

Is there really a way to do this ? Retrieving raw .php file from the server (other than getting into server's FTP account) ? Is this the reason why there are tools/script to encrypt php source code ?

如果这是真的，那么如何防范呢? (不使用php源代码加密)

If it's true, then how to protect against it ? (without using php source code encryption)

edit:提到的服务器正在运行php，例如. apache-php-mysql，您的标准托管服务器配置.

edit: the server mentioned has php running, eg. apache-php-mysql, your standard hosting server configuration.

推荐答案

如果您正在谈论别人的服务器，那么简短的回答是否".如果第三方可以读取您的PHP源代码，那将是一个很大的安全漏洞，因为PHP文件倾向于包含数据库密码，哈希键，专有算法和其他您不希望落入错误之手的东西.

If you are talking about someone else's server, then the short answer is no. If third parties could read your PHP source code, that would be quite a security hole, since PHP files tend to contain database passwords, hash keys, proprietary algorithms and other goodies that you don't want falling in the wrong hands.

如果您正在谈论自己的服务器(即您自己可以访问)，那么可以在服务器上放一些简单的脚本，这些脚本可以让您指定服务器上任何文件的路径并具有它以明文形式返回. 但是，出于上述原因，您永远都不想在生产服务器上放置这样的脚本.

If you are talking about your own server (ie. that you yourself have access to), then there are simple scripts that you can put on the server, that allow you to specify a path to any file on the server and have it returned as plaintext. However, you NEVER EVER want to place such a script on a production server, for the reasons mentioned above.

这篇关于PHP安全性:未处理从服务器检索PHP文件的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！