Home > Developer > PHP

Php file system security and prevention measures

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >
PHP Security-file system security and prevention measures PHP complies with the security mechanisms of most server systems regarding file and directory permissions. This allows the administrator to control which files are readable in the file system. You must pay special attention to the global readable files and ensure that each user with permissions can read these files securely.

PHP is designed to access the file system at the user level, so it is entirely possible to write a piece of PHP code to read system files such as/etc/passwd, change the network connection and send a large number of print tasks. Therefore, make sure that PHP code is suitable for reading and writing files.

See the following code to delete an object in your home directory. In this case, the file system is managed through the web interface. Therefore, Apache users have the right to delete files in the user directory.

Example #1 if you do not perform a security check on variables ......

Since the username and filename variables can be submitted through the user form, you can submit other users' usernames and file names, or even delete files that should not be deleted by them. In this case, you must consider other authentication methods. Think about what will happen if the submitted variables are "../etc/" and "passwd. The above code is equivalent:

Example #2 ...... File system attacks

There are two important measures to prevent such problems.

Only PHP web users have limited permissions.

Check all submitted variables.

The following is an improved script:

Example #3 more secure file name check

However, this is still flawed. If the authentication system allows users to create their own login usernames, and the user chooses to use "../etc/" as the username, the system will fall again. Therefore, we need to strengthen the inspection:

Example #4 safer file name check

There are various files to be aware of, depending on the operating system, including the device (/dev/or COM1), configuration file (/ect/file and. INI files), common storage areas (/home/or My Documents), and so on. For this reason, it is usually easier to establish a policy to prohibit all permissions, but only explicitly allow permissions.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
file system security linux file system security what file system security ibm intrusion prevention system cisco intrusion prevention system shopping cart theft prevention system network intrusion prevention system software

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More