Community Learn Tools Library Leisure

English

Home > Backend Development > PHP Problem > body text

How to prevent backdoor in php

爱喝马黛茶的安东尼

Release： 2023-02-25 10:22:01

Original

3549 people have browsed it

How to prevent backdoor in php

Prevention of php backdoor URL

The so-called backdoor URL refers to a resource that does not need to be called directly, but can be accessed directly through the URL.

For example, a web application may display sensitive information to logged-in users.

Related recommendations: "php Getting Started Tutorial"

Code sample:

<?php
$authenticated = FALSE;
$authenticated = check_auth();
if ($authenticated)
{
    include &#39;./sensitive.php&#39;;
}
?>

Copy after login

Risk analysis:

Since sensitive.php is located in the main directory of the website, the browser can skip the verification mechanism and directly access the file. This is because all files in the main directory of the website have a corresponding URL address. In some cases, these scripts may perform an important operation, which increases the risk.

Solution:

In order to prevent backdoor URLs, you need to make sure that all included files are saved outside the main directory of the website. All files saved in the home directory of the website must be directly accessed through URL.

The above is the detailed content of How to prevent backdoor in php. For more information, please follow other related articles on the PHP Chinese website!

Related labels：

php prevent

source：php.cn

Previous article：How to prevent sql injection in php Next article：Is php front-end or back-end?

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Latest Articles by Author

Seven data types that novices must know when getting started with PHP

2023-04-08 08:58:01
How to implement multi-part file upload in PHP

2020-01-17 17:35:14
PHP implements lightweight delay queue (multi-threading) based on Redis

2020-01-17 17:19:41
What does the preference field mean in the routing table?

2020-01-14 09:53:53
What does problem loading acadres.dll resource file mean?

2020-01-14 09:42:06
How to set prettier

2020-01-14 09:22:49
What file is thumbda?

2020-01-13 17:18:04
What to do if system thread restarts indefinitely

2020-01-13 17:02:44
How to use system pause

2020-01-13 16:53:40
Where is symbol character 167?

2020-01-13 16:47:08

Latest Issues

PHP arrays obtained from URL parameters do not behave as expected I have a URL parameter that contains the category ID and I want to treat it as an array li...

From 2024-04-06 22:09:02

0

1

1428

Where should I place CustomLog directive in apache I'm using php:7.2-apachedocker. I need to disable health check url login access log. Based...

From 2024-04-06 22:03:59

0

1

990

What is the format of the variables in the return value? I am a new learner of php. I found a piece of code: if($x<time()){return[false,'error']...

From 2024-04-06 21:55:20

0

1

778

Problems encountered when using opentbs to generate odt files: values of the same key are displayed in the same row instead of separate columns. I'm using a library called OpenTbs to create odt using PHP, I'm using it because columns a...

From 2024-04-06 20:18:18

0

1

483

Group MySQL results by ID for looping over I have a table with flight data in mysql. I'm writing a php code that will group and displ...

From 2024-04-06 17:27:56

0

1

406

Related Topics

More>

Popular Recommendations

Popular Tutorials

More>

Related Tutorials

Popular Recommendations

Latest courses

PHP database programming from zero to proficient

315787
PHP zero-based video tutorial

61622

Latest Downloads

More>

Web Effects

Website Source Code

Website Materials

Front End Template