可以查看网站的PHP代码？ [英] Possible to view PHP code of a website?

问题描述

是否有可能以某种方式查看另一个网站的php文件/代码？

或者为了解释这个问题，我的php代码是否可以被任何人查看？访问该文件？

如果是这样，我该如何最好地防止这种情况？

Ubuntu 9.10和PHP版本是5+（Apache2）解决方案

服务器中的漏洞或安全漏洞（Apache或PHP引擎）或您自己的PHP代码，可能允许攻击者访问您的代码。

例如，如果您有PHP脚本允许人们下载文件，攻击者可以诱骗这个脚本下载一些PHP文件，然后你的代码就可以泄露。

由于无法消除软件中的所有错误，如果有人真的想盗取你的代码，并且他们有足够的资源，那么他们有可能获得合理的机会。

然而，只要您的服务器保持最新状态，那些偶然感兴趣的人就无法看到PHP源代码，除非您的代码中存在一些明显的安全漏洞。

阅读 PHP手册的安全部分作为保留代码的起点安全。

Is it possible to somehow view another websites php files/codes?

Or to rephrase the question, Can my php codes be viewed by anybody except for those who have access to the file?

If so, how can I best prevent this?

Ps: Server OS is Ubuntu 9.10 and PHP version is 5+ (Apache2)

解决方案

A bug or security vulnerability in the server (either Apache or the PHP engine), or your own PHP code, might allow an attacker to obtain access to your code.

For instance if you have a PHP script to allow people to download files, and an attacker can trick this script into download some of your PHP files, then your code can be leaked.

Since it's impossible to eliminate all bugs from the software you're using, if someone really wants to steal your code, and they have enough resources, there's a reasonable chance they'll be able to.

However, as long as you keep your server up-to-date, someone with casual interest is not able to see the PHP source unless there are some obvious security vulnerabilities in your code.

Read the Security section of the PHP manual as a starting point to keeping your code safe.

这篇关于可以查看网站的PHP代码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！