Prevention of PHP backdoor URL_PHP tutorial

WBOY
Release: 2016-07-13 10:25:21
Original
823 people have browsed it

For example, the following WEB application may display sensitive information to logged-in users:

Copy code The code is as follows:

$authenticated = FALSE;
$authenticated = check_auth();
if ($authenticated)
{
include './sensitive.php';
}
?> ;

Since sensitive.php is located in the main directory of the website, the browser can skip the verification mechanism and access the file directly. This is because all files in the main directory of the website have a corresponding URL address. In some cases, these scripts may perform an important operation, which increases the risk.
To prevent backdoor URLs, you need to make sure to save all included files outside of the website's main directory. All files saved in the home directory of the website must be directly accessed through URL.

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/825129.htmlTechArticleFor example, the following WEB application may display sensitive information to logged in users: Copy the code as follows: ?php $authenticated = FALSE ; $authenticated = check_auth(); if ($authenticated) { inclu...
Related labels:
php
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template
About us Disclaimer Sitemap
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!