What is the principle of thinkphp security files?

thinkphp each directory will automatically generate a index.php file to prevent directly in the browser to enter a URL address to view the directory, this file to achieve the principle of directory security? What are the system security mechanisms involved? (I do not know this is not reasonable to ask the seniors to give answers!) ）

Reply content:

thinkphp each directory will automatically generate a index.php file to prevent directly in the browser to enter a URL address to view the directory, this file to achieve the principle of directory security? What are the system security mechanisms involved? (I do not know this is not reasonable to ask the seniors to give answers!) ）

It's index.html.

Because the default Access files for general Web servers are index.html index.htm index.php, etc.

Empty directory will prompt for 403 error no file or directory will prompt 404 error

In this case, you can write a small program. Poor lift to guess a website directory

This will expose some sensitive directories.

However, you can avoid 403 errors by placing empty files in the directory.

The default home file for the Web server is index.php or index.html, which prevents the Web server from leaking directories

Because the default Access file for a generic Web server is index.html index.htm index.php

Put a index.html and you have the default Access file. If Apache is not configured properly, it will display the contents of the entire file directory, which is not secure.

Thinkphp Such a practice is not scientific. A better approach is to separate the project files from the single entry (for example, Laravel) so that others can access only the single-entry file and the single-entry file with the same directory, and all other files are not visible.

