Questions about server security

Source: Internet
Author: User
For server security questions, first of all, how can I remotely obtain files from other servers when I cannot log on to another server? & Nbsp; for example, the entire directory file of a project .. & Nbsp; if someone else packages this project, you can download it if you know the path and package name. Otherwise, it is impossible? In addition, how can we prevent accidental leakage of PHP configuration files for database usernames and passwords? If not, do you need to encrypt them? & Nbsp; or does it limit the remote login of the database? Server Security issues

First of all, I would like to ask how to remotely obtain files from others' servers if I cannot log on to another server?

For example, the entire directory file of a project .. If someone else packages this project, you can download it if you know the path and package name. Otherwise, it is impossible?

In addition, how can we prevent accidental leakage of PHP configuration files for database usernames and passwords? If not, do you need to encrypt them? Or is it possible to restrict the remote login of the database?

To learn about server security, which books should be read and recommended .. Thank you.
------ Solution ----------------------
First of all, I would like to ask how to remotely obtain files from others' servers if I cannot log on to another server?
No, unless the other party provides a method for downloading without a license

For example, the entire directory file of a project .. If someone else packages this project, you can download it if you know the path and package name. Otherwise, it is impossible?
Knowing the path and package name does not necessarily allow you to perform a rewrite operation on the server, because the path shown in the statement is not the actual path of file storage. Files can be stored outside the domain name, so they cannot be stored through http.

In addition, how can we prevent accidental leakage of PHP configuration files for database usernames and passwords? If not, do you need to encrypt them? Or is it possible to restrict the remote login of the database?
It is a matter of people to avoid accidental leaks. we recommend that you do not know too many people to use domain names and passwords.
You can store the account and password of a data volume in apache2 and use the apache mod_env module to save sensitive information about the php program.
SetEnv dbaccount root
SetEnv DB pass 123456
Exam http://blog.csdn.net/fdipzone/article/details/9388959

To learn about server security, which books should be read and recommended .. Thank you.
Read tech blog posts and comments to search related articles.
------ Solution ----------------------
Discuss with fdipzone about setting user names and passwords as environment variables

If you write the user name and password to the connection statement of the database operation class, you can view the user name and password only when you see the source code of the database operation class.
The database operation class can be stored anywhere in the file system. at least it is difficult to find it.

But if it is used as an environment variable, you only need to write a small program (print_r ($ _ SERVER ))
Besides, both httpd. conf and. htaccess are stored in a fixed location, which is easy to find.
------ Solution ----------------------
When the server environment is normal, files cannot be parsed by the server environment. for example, if you do not convert PHP into php.txt, these files cannot be downloaded, if the code is faulty, the source code may be displayed.
If you compress the entire website to a rar file and expose it to the Internet, such as http: // xxxx/test.rar, once you know the path, you can download it, but most of the time, if you really want to do this, remember to add a password to your package.

There is no need to publish books for these things. it is basically an experience. the things to be published are still behind...

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.