PHP file security on webserver
I\'m slowly learning PHP, MySQL, along with some HTML, using localhost as my webserver. However, I\'m starting to wonder how my .php files are going to be secured if I put this
-
Well, if you're using the .php extension, then Apache will serve up the parsed version -- echo and print will output but your variables won't.
If you're still concerned there's a few ways of making your files more secure.
- Apache aliasing is common -- it lets you have one directory act like it's another. In this case, you'd alias your PHP directory to some directory on your domain. If your file structure is
/home/user/my_files/, you might aliasmy_filesto bewww.my-domain.com/files. The script would not be accessible there to the requests, but it would be accessible to something on the server. - Symbolic links or symlinks can accomplish the same as the above.
- simply place the config files somewhere else and directly reference them. Generally not a good idea as it is hard-coding file locations, but it is an option.
- the CodeIgniter method: in your index.php have
define( 'IN_APPLICATION', 1 );in your config files haveif( !defined( 'IN_APPLICATION' ) ) die( 'No direct script access allowed' );
- Apache aliasing is common -- it lets you have one directory act like it's another. In this case, you'd alias your PHP directory to some directory on your domain. If your file structure is
加载中...
- 热议问题