堆栈内存溢出
  简体   繁体   English

有人可以从服务器外部知道目录中的文件吗?

[英]Can someone know the files inside a directory from outside the server?

 原文  2013-09-21 00:43:06       php/ security

问题描述

I have web application that will store some files inside a directory called items, and each item will have it's own directory. 我有一个Web应用程序,该应用程序会将一些文件存储在名为items的目录中,每个项目都有其自己的目录。

The question is if the directory has an index.html page can anyone knows what the names of files might be ? 问题是目录中是否有index.html页,谁能知道文件名是什么?

more explanation 更多说明 

 http://www.mysite.com/items/item-734783HH/

inside item-734783HH there will be 2 files 在item-734783HH内部,将有2个文件 

 -index.html
 -secureFile.zip

The secureFile name will be hashed. secureFile名称将被散列。 Is there anyway to steal this file from the web ? 无论如何,有从网上窃取此文件的信息吗? that's my real concern 那是我真正的担心

Also, I am using PHP for copying this file and give it to the user when the purchase is complete. 另外,我正在使用PHP复制该文件,并在购买完成后将其提供给用户。

1 个解决方案

解决方案1
 1  2013-09-21 00:51:28

short answer, but only "usually" true: no. 简短的回答,但只有“通常”正确:否。

long version for the short version: if you have an index.html then going to http://www.mysite.com/items/item-734783HH/ will serve up http://www.mysite.com/items/item-734783HH/index.html instead. 短版的长版:如果您有index.html,则转到http://www.mysite.com/items/item-734783HH/将投放http://www.mysite.com/items/item-734783HH/index.html代替。 Users will not see a directory listing, so they either have to know those files already exist, or guess them. 用户将不会看到目录列表,因此他们要么必须知道那些文件已经存在,要么猜测它们。

actually true answer: only you can tell us. 真正的答案:只有您能告诉我们。 It depends on the server you're using in combination with PHP, and what you've told it to autoresolve to when someone hits a route that does not indicate a file but a directory. 这取决于您将其与PHP结合使用的服务器,以及当有人点击一条不表示文件而是目录的路由时,要服务器自动解析的内容。 It also depends on whether you blacklist/whitelist files based on file patterns, like a "DENY FROM ALL" for files that start with ".", etc. 它还取决于您是否基于文件模式将文件列入黑名单/白名单,例如以“。”开头的文件的“ DENY FROM ALL”(拒绝所有)。

It's probably time to learn more about how your server works. 现在可能是时候进一步了解服务器的工作方式了。 The internet has a lot of good information on that. 互联网上有很多很好的信息。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 有人可以从我的服务器外访问我的数据库吗? - Can someone access my database from outside my server? 获取系统文件夹外部目录中所有文件的列表 - get a list of all files inside a directory outside the system folder Jetty 7.4.2 + Quercus 4.0.18:如何从 webapp 目录之外读取 PHP 文件 - Jetty 7.4.2 + Quercus 4.0.18: How can I read PHP files from outside the webapp directory 在服务器端打开目录并在其中打开文件 - Open directory in server side and open files inside it XAMPP(WAMP)服务器-禁止访问根目录之外的文件 - XAMPP (WAMP) server - disable accessing files outside of root directory 有人可以从public_html下载我的文件吗? - Can someone download my files from public_html? 访问服务器目录外的文件 - Access a file outside the server directory 列出目录目录中的文件 - list files inside directory of a directory 获取目录中的文件 - Get the files inside a directory 可以从 docker 容器外部连接到数据库,但不能从内部连接到数据库(在 laravel 中) - Can connect to database from outside a docker container but not from inside (in laravel)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM