Index.php and content protection

Question

Index.php and content protection

What are the chances that hackers can download the index.php file from the server (and not the result, but the contents of the index.php file)? Do you recommend putting the contents of index.php in modules / index_content.php, where the modules folder is protected by .htaccess And does index.php contain a single line <?php require_once('modules/index_content.php') ?>? Does it make sense?

+5

security php

Haradzieniec Aug 18 '11 at 11:08

source share

6 answers

*.php Apache (, ), , , , - script ( script modules/index_content.php ).

+1

Dave Child 18 . '11 11:11

.

index.php, .

+1

hsz 18 . '11 11:11

.php http, , (, PHP). , , .php .

(public_html, htdocs ..) .

+1

Prisoner 18 . '11 11:12

php , PHP -.

: htaccess index.php , - index.php, .

+1

Georges Chitiga 18 . '11 11:13

. :

"" ( SSH, FTP ..)...
: script, , , php .

0

red 18 . '11 11:14

Cheekysoft · Accepted Answer · 2011-08-18T15:14:43+0000

Source code disclosures can occur on a well-tuned server and are not as rare as you might think. As others have said, if your server configuration sounds, then there will be no problems with people directly accessing PHP files.

However, you can still be vulnerable to:

Script ,

, ~ .bak. PHP, . , .

, webapp, . script , LFI. , , , , . "../" , Directory Traversal, , .

,

, (index.html, index.php, default.htm ..). - , ( ) , .

, - (, ) . - PHP, . , , - URL ( ). Tomcat /.

SQL-

, . ( ), . , .

, , , . , - . , , , .

Index.php and content protection

More articles: