如何保护PHP文件的.htaccess从与PHP5下载坠毁 [英] how to protect php file with .htaccess from downloading with php5 crashed

问题描述

昨天晚上，我做了一些管理员更改我的网络服务器。我使用PHP。 PHP的处理器不能在更新后，如果有人来到我的主页，PHP页面将只需下载并显示在专用的code和密码给任何人参观。所以我在想，如果有一种方法，以prevent使用的.htaccess任何形式的下载PHP文件 - 但仍然允许文件的正常观看

Last night I made some admin changes to my webserver. I use php. The php processor failed after the update and if someone went to my homepage, the php page would simply download and show the proprietary code and password to anyone visiting. So I was wondering if there is a way to prevent any form of download for php files using .htaccess -- but still allow for normal viewing of the files.

推荐答案

一个很好的模式在开发过程中，遵循的是用最少的初始化文件，它调用驻留在根目录以外的实际应用。只有这样，没有关键信息的最小存根在这样的情况下被暴露出来。

A good pattern to follow during development is to use a minimal initialization file, which invokes the actual application which resides outside the webroot. That way only a minimal stub with no critical information is exposed in a case like this.

简单的例子：

/
  /app
    critical_code.php
  /webroot
    .htaccess   <- rewrites all requests to index.php
    index.php   <- invokes ../app/critical_code.php (or other files as requested)

这篇关于如何保护PHP文件的.htaccess从与PHP5下载坠毁的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！