昨天晚上,我做了一些管理员更改我的网络服务器。我使用PHP。 PHP的处理器不能在更新后,如果有人来到我的主页,PHP页面将只需下载并显示在专用的code和密码给任何人参观。所以我在想,如果有一种方法,以prevent使用的.htaccess任何形式的下载PHP文件 - 但仍然允许文件的正常观看
Last night I made some admin changes to my webserver. I use php. The php processor failed after the update and if someone went to my homepage, the php page would simply download and show the proprietary code and password to anyone visiting. So I was wondering if there is a way to prevent any form of download for php files using .htaccess -- but still allow for normal viewing of the files.
推荐答案一个很好的模式在开发过程中,遵循的是用最少的初始化文件,它调用驻留在根目录以外的实际应用。只有这样,没有关键信息的最小存根在这样的情况下被暴露出来。
A good pattern to follow during development is to use a minimal initialization file, which invokes the actual application which resides outside the webroot. That way only a minimal stub with no critical information is exposed in a case like this.
简单的例子:
/ /app critical_code.php /webroot .htaccess <- rewrites all requests to index.php index.php <- invokes ../app/critical_code.php (or other files as requested)更多推荐
如何保护PHP文件的.htaccess从与PHP5下载坠毁
发布评论