加固PHP环境(转)
作者:Albert
PHP作为Apache的模块运行时,Apache本身的安全起主导作用,因此如果配置正确的话,PHP应该是一个十分安全的环境,但是如果PHP是以CGI方式来运行的话,就没有这么安全了。
本文中提到的操作,对Unix和Windows都适用。
一、作为Apache模块来运行
因为一般说来,Apache会以“nobody”或者“www”来运行,所以,PHP作为模块是十分安全的。
如果PHP在虚拟主机环境下,可能会产生用户能浏览其他用户文件的危险。一个简单的脚本如下:
// 假定文档根位于 /usr/local/websites/mydomain
$location = ../; // 到上一级目录
$parent = dir($location);
// 显示当前目录: /usr/local/websites
while($entry = $parent->read()) {
echo $entry .
;
}
$parent->close();
?>
这样,只要修改$location,用户就可以浏览虚拟主机上所有其他用户的文件了。为了减少这样的危险,我们需要看一下php.ini ,修改其中的safe_mode, doc_root和usr_dir 参数,把用户限制在他自己的虚拟主机环境下:
safe_mode = On
doc_root = /usr/local/apache/htdocs
user_dir = /home/albertxu/htdocs
二、作为CGI
把PHP以CGI方式运行需要十分小心,可能会泄露你不想让人知道的信息。
第一件事情要注意的就是一定要把执行文件放到文档根目录以外的地方。例如/usr/local/bin,因此所有的CGI文件开头必须带有:
#!/usr/local/bin/php
防止用户直接调用CGI的办法是在Apache中强迫CGI重定向:
Action php-script /cgi-bin/php.cgi
AddHandler php-script .php
这会把下面的URL
http://example.com/mywebdir/test.htm
转换为:
http://example.com/cgi-bin/php/mywebdir/test.htm
在以CGI方式编译PHP时,最好采用下面的选项:
--enable-force-cgi-redirect
本文讨论的是有关PHP的安全问题,详细的安全信息可以参考PHP老家上手册中关于安全的
http://www.php.net/manual/en/security.php
那一章。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian
Dec 24, 2024 pm 04:42 PM
PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati
CakePHP Date and Time
Sep 10, 2024 pm 05:27 PM
To work with date and time in cakephp4, we are going to make use of the available FrozenTime class.
CakePHP File upload
Sep 10, 2024 pm 05:27 PM
To work on file upload we are going to use the form helper. Here, is an example for file upload.
Discuss CakePHP
Sep 10, 2024 pm 05:28 PM
CakePHP is an open-source framework for PHP. It is intended to make developing, deploying and maintaining applications much easier. CakePHP is based on a MVC-like architecture that is both powerful and easy to grasp. Models, Views, and Controllers gu
CakePHP Creating Validators
Sep 10, 2024 pm 05:26 PM
Validator can be created by adding the following two lines in the controller.
How To Set Up Visual Studio Code (VS Code) for PHP Development
Dec 20, 2024 am 11:31 AM
Visual Studio Code, also known as VS Code, is a free source code editor — or integrated development environment (IDE) — available for all major operating systems. With a large collection of extensions for many programming languages, VS Code can be c
CakePHP Quick Guide
Sep 10, 2024 pm 05:27 PM
CakePHP is an open source MVC framework. It makes developing, deploying and maintaining applications much easier. CakePHP has a number of libraries to reduce the overload of most common tasks.
How do you parse and process HTML/XML in PHP?
Feb 07, 2025 am 11:57 AM
This tutorial demonstrates how to efficiently process XML documents using PHP. XML (eXtensible Markup Language) is a versatile text-based markup language designed for both human readability and machine parsing. It's commonly used for data storage an
