Security issues with PHP's Readfile method


Question


Hey. Are there any security issues I should worry about when using the readfile method in PHP? I'd like to use the readfile method that takes in the URL of a file stored on various third party servers. I then serve the file to the user. Intuitively, it would seem that there would be a risk as the URL could point to any file. On the other hand, I'm only using the readfile method (after processing some file-independent data) and not sure if this would allow anything malicious to execute on my server. Also, according to the manual, it seems that if I want to use a URL with readfile, I need to enable fopen wrappers. Thanks.

Recommended answer


readfile does not execute the code on your server so there is no issue there.


However, some strange folks could use your server to perform web requests in order to get your server into trouble by making unauthorized requests or causing overloading, so you'll want to keep that in mind when coding this type of functionality.


according to the manual, it seems that if I want to use a URL with readfile, I need to enable fopen wrappers


Yes, you'll need to make sure that allow_url_fopen is on. If it isn't, you'll have to look into using cURL.
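An added example, not part of the original answer: one way to keep a readfile-style fetch from being used for arbitrary requests or for overloading the server, the two risks the answer names. The host allowlist, size cap, timeout and function names are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist: the third-party hosts this application is meant to fetch from.
const ALLOWED_HOSTS = ['files.example.com', 'cdn.example.net'];
const MAX_BYTES = 10 * 1024 * 1024; // assumed per-response cap
const TIMEOUT_SECONDS = 5;          // assumed read timeout

/** Returns the URL if it is http(s) and targets an allowlisted host, otherwise null. */
function validate_remote_url(string $url): ?string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Only http/https: keeps file://, php://, ftp:// and other wrappers out.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    // Reject embedded credentials (user:pass@host), which invite host confusion.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    return in_array(strtolower($parts['host']), ALLOWED_HOSTS, true) ? $url : null;
}

/** Streams the remote file to the client, stopping at MAX_BYTES. Returns bytes sent or false. */
function serve_remote_file(string $url)
{
    if (validate_remote_url($url) === null) {
        return false;
    }
    $ctx = stream_context_create(['http' => [
        'timeout' => TIMEOUT_SECONDS,
        'follow_location' => 0, // a redirect could lead outside the allowlist
    ]]);
    $in = @fopen($url, 'rb', false, $ctx); // requires allow_url_fopen, as noted above
    if ($in === false) {
        return false;
    }
    $sent = 0;
    while (!feof($in) && $sent < MAX_BYTES) {
        $chunk = fread($in, min(8192, MAX_BYTES - $sent));
        if ($chunk === false) { break; }
        echo $chunk;
        $sent += strlen($chunk);
    }
    fclose($in);
    return $sent;
}
```

Reading in chunks instead of calling readfile directly is what makes the size cap enforceable; rate limiting per client would still need to be handled separately.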
