What is the principle of thinkphp security files?

Source: Internet
Author: User
thinkphp each directory will automatically generate a index.php file to prevent directly in the browser to enter a URL address to view the directory, this file to achieve the principle of directory security? What are the system security mechanisms involved? (I do not know this is not reasonable to ask the seniors to give answers!) )

Reply content:

thinkphp each directory will automatically generate a index.php file to prevent directly in the browser to enter a URL address to view the directory, this file to achieve the principle of directory security? What are the system security mechanisms involved? (I do not know this is not reasonable to ask the seniors to give answers!) )

It's index.html.

Because the default Access files for general Web servers are index.html index.htm index.php, etc.

Empty directory will prompt for 403 error no file or directory will prompt 404 error

In this case, you can write a small program. Poor lift to guess a website directory

This will expose some sensitive directories.

However, you can avoid 403 errors by placing empty files in the directory.

The default home file for the Web server is index.php or index.html, which prevents the Web server from leaking directories

Because the default Access file for a generic Web server is index.html index.htm index.php

Put a index.html and you have the default Access file. If Apache is not configured properly, it will display the contents of the entire file directory, which is not secure.

Thinkphp Such a practice is not scientific. A better approach is to separate the project files from the single entry (for example, Laravel) so that others can access only the single-entry file and the single-entry file with the same directory, and all other files are not visible.

  • Contact Us

    The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

    If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

    A Free Trial That Lets You Build Big!

    Start building with 50+ products and up to 12 months usage for Elastic Compute Service

    • Sales Support

      1 on 1 presale consultation

    • After-Sales Support

      24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.