Community
Learn
Tools Library
AI Tools
Leisure
search
English
Home php教程 php手册 请注意PHP程序里的敏感信息

请注意PHP程序里的敏感信息

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
Jun 06, 2016 pm 08:10 PM
php information sensitive program Please note

何为敏感信息?简单点来说就是你不想让别人知道的信息,比如说数据库的地址,用户名,密码等等,此类信息往往知道的人越少越好。 通常,PHP程序里的配置文件大致如下所示: ?phpreturn array( 'database' = array( 'host' = '192.168.0.1', 'username' = 'ad

何为敏感信息?简单点来说就是你不想让别人知道的信息,比如说数据库的地址,用户名,密码等等,此类信息往往知道的人越少越好。

通常,PHP程序里的配置文件大致如下所示:

<?php return array(
    'database' => array(
        'host'     => '192.168.0.1',
        'username' => 'administrator',
        'password' => 'e1bfd762321e409cee4ac0b6e841963c',
    ),
);
?>
Copy after login

有时候出于某些原因,比如说代码审查,亦或者合作开发等等,第三方需要获取代码版本仓库的读权限,一旦授权,数据库的地址,用户名,密码等敏感信息就暴露了。当然也可以不在代码版本仓库里保存配置文件,取而代之是撰写文档进行说明,但我不喜欢这样的方法,因为如此一来,代码本身是不完整的。

如何解决此类问题呢?最直接的方法是把敏感信息从代码中拿掉,换个地方保存。具体保存到哪里呢?有很多选择,比如说通过nginx的fastcgi_param来设置:

fastcgi_param DATABASE_HOST 192.168.0.1;
fastcgi_param DATABASE_USERNAME administrator;
fastcgi_param DATABASE_PASSWORD e1bfd762321e409cee4ac0b6e841963c;
Copy after login

经过这样的映射后,我们的代码就不会直接包含敏感信息了:

<?php return array(
    'database' => array(
        'host'     => $_SERVER['DATABASE_HOST'],
        'user'     => $_SERVER['DATABASE_USERNAME'],
        'password' => $_SERVER['DATABASE_PASSWORD'],
    ),
);
?>
Copy after login

此外,还可以通过php-fpm的env指令来设置:

env[DATABASE_HOST] = 192.168.0.1
env[DATABASE_USERNAME] = administrator
env[DATABASE_PASSWORD] = e1bfd762321e409cee4ac0b6e841963c
Copy after login

需要说明的一点是,这个设置必须放在主配置文件php-fpm.conf里,不能放到include指令设置的子配置文件里,否则会报错:「Array are not allowed in the global section」;另外一点,虽然是通过env设置的,但结果还是在$_SERVER里,而不是$_ENV。

通过nginx和php-fpm配置文件来解决问题的话,有一个缺点,仅对Web有效,如果通过命令行来运行,那么无法在$_SERVER里获取相关信息,不过这不算什么难事儿,只要写个公共的脚本正则匹配一下nginx或者php-fpm的配置文件,就可以动态的把这些信息映射到命令行环境,具体怎么搞就留给大家自己操作吧。

说明:?@Laruence?提醒了我,如果配置信息通过nginx的fastcgi_param来设置的话,当nginx和php交互时,会带来大量的数据传输(如此看来通过php-fpm的env来设置相对更有优势),鸟哥建议使用独立的扩展来搞定,比如「hidef」。如果你使用hidef的话,需要注意一点,hidef定义的常量通过phpinfo函数可以一览无遗,为了安全性,你应该在配置文件php.ini里禁用相关函数:「disable_functions = phpinfo」。

看起来还是hidef可用性更好些,具体选择就看客观情况而定吧,如果能够安装扩展,那么就推荐使用hidef,否则就推荐使用env的方法。

原文地址:请注意PHP程序里的敏感信息, 感谢原作者分享。

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Show More

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. Best Graphic Settings
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Assassin's Creed Shadows: Seashell Riddle Solution
1 weeks ago By DDD
R.E.P.O. How to Fix Audio if You Can't Hear Anyone
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
WWE 2K25: How To Unlock Everything In MyRise
3 weeks ago By 尊渡假赌尊渡假赌尊渡假赌
Show More

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Show More

Hot Topics

Where is the login entrance for gmail email?
7450
15
CakePHP Tutorial
1374
52
What is the format of the account name of steam
77
11
win11 activation key permanent
40
19
nyt connections hints and answers
14
9
Show More
Related knowledge
PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian PHP 8.4 Installation and Upgrade guide for Ubuntu and Debian Dec 24, 2024 pm 04:42 PM

PHP 8.4 brings several new features, security improvements, and performance improvements with healthy amounts of feature deprecations and removals. This guide explains how to install PHP 8.4 or upgrade to PHP 8.4 on Ubuntu, Debian, or their derivati

CakePHP Working with Database CakePHP Working with Database Sep 10, 2024 pm 05:25 PM

Working with database in CakePHP is very easy. We will understand the CRUD (Create, Read, Update, Delete) operations in this chapter.

CakePHP Date and Time CakePHP Date and Time Sep 10, 2024 pm 05:27 PM

To work with date and time in cakephp4, we are going to make use of the available FrozenTime class.

CakePHP File upload CakePHP File upload Sep 10, 2024 pm 05:27 PM

To work on file upload we are going to use the form helper. Here, is an example for file upload.

CakePHP Routing CakePHP Routing Sep 10, 2024 pm 05:25 PM

In this chapter, we are going to learn the following topics related to routing ?

Discuss CakePHP Discuss CakePHP Sep 10, 2024 pm 05:28 PM

CakePHP is an open-source framework for PHP. It is intended to make developing, deploying and maintaining applications much easier. CakePHP is based on a MVC-like architecture that is both powerful and easy to grasp. Models, Views, and Controllers gu

CakePHP Creating Validators CakePHP Creating Validators Sep 10, 2024 pm 05:26 PM

Validator can be created by adding the following two lines in the controller.

CakePHP Logging CakePHP Logging Sep 10, 2024 pm 05:26 PM

Logging in CakePHP is a very easy task. You just have to use one function. You can log errors, exceptions, user activities, action taken by users, for any background process like cronjob. Logging data in CakePHP is easy. The log() function is provide

See all articles