如何保护PHP文件不被下载? [英] How to secure PHP files from being downloaded?
问题描述
我对PHP,Apache,服务器解释有疑问......我知道,当PHP浏览器从Apache + PHP服务器加载PHP文件时,会解释它,并且只显示HTML和纯文本,但是在那里一种下载这些文件而不是解释它们的方法?
在这种情况下,它会非常不安全,因为MySQL密码是不安全的。
是否有任何安全措施来防止这种情况发生,或者无法下载这些文件?
只要您的服务器安装正确,就不会发生。
尽管一个好的步骤是将所有的实际密码和config.php中的所有密码放在一起并包含它。这样你可以使用htacces阻止该文件,这样,如果你的服务器开始提供原始页面,那么文件将无法访问。
澄清你是否创建一个 .htaccess 文件,并将其放置在与config.php相同的文件夹中,即使直接请求,该文件也不会被提供。只需在这个文件中定义你的配置文件(数据库名称,用户名,密码,哈希等),并将其包括在每个需要它的页面顶部,你就可以很好地去。
< files config.php>
订单允许,拒绝
拒绝所有
< / files>
I have a doubt about PHP, Apache, server interpretation... I know that when a PHP file is loaded by the browser from an Apache+PHP server it is interpreted and only the HTML and plain text is showed but is there a way to download this files instead of interpreting them? In this case it would be very unsecure because MySQL passwords would be unsafe.
Is it any security measure to prevent this or it's impossible to download this files?
As long as your server is setup properly it isn't going to happen.
A good step though is to put all of your actual passwords and whatnot in a config.php and including it. That way you can use htacces too block that file so that should your server ever start serving the raw pages that file won't be accessible anyway.
To clarify if you create a .htaccess file and place it in the same folder as the config.php with the below information that file will not be served, even if requested directly. Simply define your config stuff (db name, user name, password, hashes, etc) in this file and include_once it at the top of each page that needs it and you will be good to go.
<files config.php>
order allow,deny
deny from all
</files>
这篇关于如何保护PHP文件不被下载?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
