PHP:包含/需要远程源文件的任何逻辑用例? [英] PHP: Any logical use cases for include/requiring remote source files?

问题描述

http://www.php.net/manual/en/features.remote-files.php

我唯一一次想到做 include("http://someotherserver/foo.php") 将是某种奇怪的服务器内部服务接口，但即便如此，我仍能想到一百万种更安全的方法来完成同样的事情.不过，我的具体问题是，有没有人在生产环境中看到过远程包含，这样做有意义吗?

The only time I could ever think of doing include("http://someotherserver/foo.php") would be as some sort of weird intra-server service interface, but even then I could think of a million different ways that were safer to accomplish the same thing. Still, my specific question is, has anyone seen remote includes in a production environment and did it make any sense doing so?

为了澄清一些事情，我会导致任何试图在我工作的生产环境中使用远程包含的人遭受身体伤害......所以是的，我知道这是一个噩梦般的安全漏洞.只是想弄清楚为什么它仍然存在，而不是其他奇怪的想法，如魔术引号和全局变量.

To clear something up, I would cause physical injury to befall anyone who ever tried to use remote includes in a production environment I worked on... So yes I know this is a nightmarish security hole. Just trying to figure out why its still there versus other weird ideas like magic quotes and global variables.

推荐答案

虽然我在现实生活中从未见过这种情况，但我可以想象一个拥有独立物理服务器且没有共享文件系统的农场.您可能拥有一台服务器，其中包含所有代码，即 api.domain.com，而其他服务器也包含其中.如果您有数十或数百个单独的站点，这将使部署更容易.但正如亚历克斯所说，它要求被黑客入侵.

While I've never seen this in real life, I could imagine a farm with separate physical servers with no shared file system. You could possibly have one server with the all the code ie api.domain.com and the other servers include from it. It would make deployments easier if you have tens or hundreds of sepearate sites. But as alex said, it's asking to be hacked.

这篇关于PHP:包含/需要远程源文件的任何逻辑用例?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！