首页 > PHP > PHP源码防泄漏方法

PHP源码防泄漏方法

四条预防PHP源代码泄漏的方法:

1)使用mod_security过滤输出严防泄漏 Use mod_security to filter output and prevent leakage (例如)

PHP代码

SecFilterOutput On

SecFilterSelective OUTPUT “<?php” log,deny

2)不要将关键敏感代码放到根目录中 Code should live outside of the web root (例如)

PHP代码

index.php:

<?php

include(‘../realroot/index.php’);

?>

3)更改默认的文件类型 Change the default file type (例如对http.conf做如下修改)

PHP代码

httpd.conf:

DefaultType application/x-httpd-php

4)绝对禁止访问根目录 Deny all outside of the webroot (假设你的根目录是 ‘www’ ,例如)

PHP代码

http.conf: (or .htaccess)

<directory />

Order Deny,Allow

Deny from all

Options None

AllowOverride None

<directory /www>

Order Allow,Deny

Allow from all

</directory>

分类:PHP 标签:, ,
  1. 还没有评论。
  1. No trackbacks yet.

发表评论

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / 更改 )

Twitter picture

You are commenting using your Twitter account. Log Out / 更改 )

Facebook photo

You are commenting using your Facebook account. Log Out / 更改 )

Google+ photo

You are commenting using your Google+ account. Log Out / 更改 )

Connecting to %s

%d 博主赞过: