嗯,首先请为我的初学者英语打个招呼.
Well, as a start please excuse me for my beginner English..
我想了解有关PHP MVC应用程序中安全性的更多信息
I want to know more about security in PHP MVC applications
我已经创建了自己的MVC,但还没有完成. 我的应用程序目录通过带有子元素的URL访问公开.
I've created my own MVC, I still haven't finished it. My application directory is exposed by URL access with child elements.
如何隐藏访问者的内容?
How to make this hidden from visitors?
以下是我正在尝试的
Apache mod_rewrite吗?
Apache mod_rewrite ?
我仍然不知道在每个文件夹(如框架Codeigniter)中将其设为空index.html吗?
I still don't know to make it empty index.html in each folder like the framework Codeigniter ?
用于指示的内容是什么? 和, ...如何制作?
What to use for something to indicate ? and, ... how to make ?
修改 我对rewrite_rules
下面是我的.htaccess
Options -MultiViews RewriteEngine On RewriteBase /ligia #RewriteCond %{REQUEST_FILENAME} -f [OR] #RewriteCond %{REQUEST_FILENAME} -l [OR] #RewriteCond %{REQUEST_FILENAME} -d #RewriteRule .+ - #I know, it is commented RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-l RewriteRule "^(.+)$" "index.php?uri=$1" [QSA,L]
但是我担心这是否是保存我的MVC应用程序的最佳方法 安全!?
But I am afraid if this is the best way to hold my MVC application security!?
我需要帮助!
推荐答案首先请确保您的.htaccess文件位于文档根目录(与index.php相同的位置)中,否则只会影响子文件夹在其中(以及其中的所有子文件夹-递归).
First make sure that your .htaccess file is in your document root (the same place as index.php) or it'll only affect the sub-folder it's in (and any sub-folders within that - recursively).
下一步,对您的规则进行一些更改,使其类似于:
Next make a slight change to your rule so it looks something like:
RewriteEngine on RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)$ /index.php?path=$1 [NC,L,QSA]此刻,您正在上进行匹配.这是任何字符的一个实例,您至少需要.*才能匹配任意数量的任何字符的实例.
At the moment you're just matching on . which is one instance of any character, you need at least .* to match any number of instances of any character.
如果要将整个shebang安装在子目录(例如/mvc/或/framework/)中,最简单的方法是略微更改重写规则以将其考虑在内.
If you want the whole shebang installed in a sub-directory, such as /mvc/ or /framework/ the least complicated way to do it is to change the rewrite rule slightly to take that into account.
RewriteRule ^(.*)$ /mvc/index.php?path=$1 [NC,L,QSA]并确保index.php位于该文件夹中,而.htaccess文件位于文档根目录中.
And ensure that your index.php is in that folder whilst the .htaccess file is in the document root.
NC =不区分大小写(不区分大小写,因为该模式中没有字符,所以没有必要)
NC = No Case (not case sensitive, not really necessary since there are no characters in the pattern)
L =最后(此重写后它将停止重写,因此请确保它是您重写列表中的最后一件事)
L = Last (it'll stop rewriting at after this Rewrite so make sure it's the last thing in your list of rewrites)
QSA =查询字符串追加,以防万一您想要保留并传递给index.php的末尾类似?like = penguins的东西.
QSA = Query String Apend, just in case you've got something like ?like=penguins on the end which you want to keep and pass to index.php.
更多推荐
MVC应用程序中的公开文件夹
发布评论