For years, PHP has been a stable, inexpensive platform for running web-based applications. Like most web-based platforms, PHP is vulnerable to external attacks. Developers, database architects, and system administrators should take precautions before deploying a PHP application to the server. Most precautions can be done with a few lines of code or by adjusting the application settings slightly.
1: Manage Installation scripts
If a developer has installed a PHP script for a third-party application, the script is used to install the entire application's working component and provide an access point. Most third-party packages recommend that you remove the installation scripts that are included in the directory after installation. But developers want to keep the installation scripts, and they can create a. htaccess file to control access to the directory.
AuthType Basic AuthName "Administrators only" Authuserfile/usr/local/apache/passwd/passwords Require Valid-user
|
Any unauthorized user who tries to access a protected directory will see a prompt asking for a user name and password. The password must match the password in the specified "passwords" file.
2: Header File
In many cases, developers can include several scripts that are distributed in the application into a single script. These scripts will contain an "include" directive that integrates a single file into the code of the original page. When an "include" file contains sensitive information, including the user name, password, and database access key, the file extension should be named ". php" instead of the typical ". Inc" extension. The ". PHP" extension ensures that the PHP engine will process the file and prevent any unauthorized access.
http://www.bkjia.com/PHPjc/445674.html www.bkjia.com true http://www.bkjia.com/PHPjc/445674.html techarticle For years, PHP has been a stable, inexpensive platform for running web-based applications. Like most web-based platforms, PHP is vulnerable to external attacks. Developer 、...