发表新帖
发表新帖

Hide PHP from user

后端 未结
关注
5 1695
粉色の甜心
粉色の甜心 2021-01-14 04:16

Is there a way to hide the fact that I\'m using PHP from my users? I wanted to do this for two reasons:

  • 1) So the links in the address bar look cleaner (like h
相关标签:
5条回答
  • -上瘾入骨i
    2021-01-14 04:18

    The above (or perhaps below) answers give info on the technical side, let me answer the moral side:

    Don't do it. Point 2 is completely invalid, if someone wants to do harm, this won't stop it. Proper security checks however will. Point 1 is meagerly valid, no one types links anymore these days.

    0 讨论(0)
  • 春和景丽
    2021-01-14 04:26

    In addition to the mod_rewrite changes, also set expose_php to false: http://www.php.net/manual/en/ini.core.php#ini.expose-php

    0 讨论(0)
  • 小鲜肉
    2021-01-14 04:29

    1) So the links in the address bar look cleaner (like here on stackoverflow)

    mmm. OK

    2) To prevent potential hackers of knowing immediately what to look for

    Security by obscurity. Trust me, that's not going to slow them down much.

    A very valid reason for doing this, however, is so that your website is not tie to a particular development language.

    I see several people have already mentioned mod_rewrite. It's one solution - but it's a very complex tool to master. Also, be very careful about embedding CGI variables in the path of the URL - you can quickly break stuff.

    A simple solution would be to implement every entry-point php script (i.e. anything with is not an include/require file) as 'index.php' and reference it by it's directory.

    Alternatively pick your own file extension and replace the references to .php in the config with your extension.

    0 讨论(0)
  • 感情败类
    2021-01-14 04:38

    The best way to keep your PHP hidden from public access is to structure your folders accordingly. Best practice is to keep your library and application files at least one level up from the public folder, like:

    /application
    // application files
/library
    // library and vendor files
/public (aka public_html, htdocs etc)
    index.php
    .htaccess
    /css
    /images
    /js

    Use htaccess and mod_rewrite to route requests to the index.php file, which will then dispatch the request to the application.

    RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php

    This way, you only have a single php file publicly accessible, which merely includes other files not available via any url

    0 讨论(0)
  • 北恋
    2021-01-14 04:44 
    RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php

    http://eisabainyo.net/weblog/2007/08/19/removing-file-extension-via-htaccess/

    0 讨论(0)
 看不清?
提交回复
热议问题