你能看到 PHP 脚本客户端吗? [英] Can you see PHP scripts client side?

问题描述

我要求这样做只是为了使我的网站尽可能安全，因为它将处理个人信息.这就是我选择 PHP 进行编码的原因，因为它在所有服务器端都运行，但我听说有一些技巧可以让您在了解脚本所在的 URL 后阅读脚本.我自己没有亲眼见过这个，所以我只是想澄清一下，以确保在 PHP 中编码是安全明智的最佳选择.

I'm only asking this to make my site as secure as possible since it will be dealing with personal information. This is why I chose PHP to code with as it is ran all server side but I heard there are certain tricks out there that you can read scripts if the URL is learned where the script is. I haven't seen this personally my self so I'm just wanting some clarification to make sure that coding in PHP is this best choice security wise.

基本上我希望至少有可能以某种方式被黑客入侵.一旦我完成了网站的开发，我将应用 SSL 证书，我知道这对来回传输的信息进行加密会有很大帮助.

Basically I want to have at least of a likely to be hacked in some way as possible. I will be applying SSL certificates once I'm done with the development of the site and I know that'll help quite a bit with information being transmitted back and forth being encrypted.

推荐答案

没有人可以看到您的代码，因为 Apache(或您使用的任何 Web 服务器)被指示执行任何 .php 文件，而不是简单地提供(显示)它们默认情况下(使用 .html、.css、.js 等).

Nobody can see your code because Apache (or whatever web server you use) is instructed to EXECUTE any .php files rather than simply serve (display) them as it does by default (with .html, .css, .js, etc).

我认为您可能听说过一般使用 PHP 的一般安全问题 - 如果您使用共享主机(其他用户也使用与您相同的服务器)，他们通常能够以编程方式查看您的代码，也就是说他们可以编写一个 PHP 脚本来列出您的 PHP 脚本——这确实需要他们知道您的脚本存储在哪个物理目录中，但他们可以再次编写一个 PHP 脚本来尝试发现这一点.

I think what you may have heard of is a general security concern using PHP in general - If you are using a shared host (where other users also use the same server as you) they will generally be able to view your code programmatically, that is to say they can write a PHP script which lists your PHP scripts -- this does require that they know the physical directory your scripts are stored in, but again they could write a PHP script to try and discover this.

一般来说这不是问题，但如果我正在做任何敏感的事情(例如接受信用卡付款)，我总是确保我在一个只有我可以通过编程访问的环境中工作(即虚拟服务器或专用服务器 -- 虚拟服务器是指我拥有专用独占访问权限的虚拟机，不要将其与共享服务器的虚拟主机"混淆).

Generally speaking this isn't an issue, but if I'm doing anything of a sensitive nature (such as taking card payments) I always ensure I'm working in an environment only I have programmatical access to (ie. a virtual server or a dedicated server -- By virtual server I mean a virtual machine to which I have dedicated exclusive access, do not confuse this with "Virtual Hosts" which are shared servers).

这篇关于你能看到 PHP 脚本客户端吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！