Introduce you to 5 PHP security _php Tutorials

Source: Internet
Author: User
For years, PHP has been a stable, inexpensive platform for running web-based applications. Like most web-based platforms, PHP is vulnerable to external attacks. Developers, database architects, and system administrators should take precautions before deploying a PHP application to the server. Most precautions can be done with a few lines of code or by adjusting the application settings slightly.

1: Manage Installation scripts

If a developer has installed a PHP script for a third-party application, the script is used to install the entire application's working component and provide an access point. Most third-party packages recommend that you remove the installation scripts that are included in the directory after installation. But developers want to keep the installation scripts, and they can create a. htaccess file to control access to the directory.

AuthType Basic

AuthName "Administrators only"

Authuserfile/usr/local/apache/passwd/passwords

Require Valid-user

Any unauthorized user who tries to access a protected directory will see a prompt asking for a user name and password. The password must match the password in the specified "passwords" file.

2: Header File

In many cases, developers can include several scripts that are distributed in the application into a single script. These scripts will contain an "include" directive that integrates a single file into the code of the original page. When an "include" file contains sensitive information, including the user name, password, and database access key, the file extension should be named ". php" instead of the typical ". Inc" extension. The ". PHP" extension ensures that the PHP engine will process the file and prevent any unauthorized access.


http://www.bkjia.com/PHPjc/445674.html www.bkjia.com true http://www.bkjia.com/PHPjc/445674.html techarticle For years, PHP has been a stable, inexpensive platform for running web-based applications. Like most web-based platforms, PHP is vulnerable to external attacks. Developer 、...

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.