简体繁体 English

我如何确保没有人可以访问Websever中文档根目录之外的文件

[英]How do I make sure nobody gets access to files out of my document root in my websever

原文 2019-04-24 18:55:10 4 1 c/ server/ document-root

I'm currently working on a webserver in C. I want to make sure that it's impossible to access files that are outside of my document root and I need to write a function that checks the request file / path to that file (for example /index.html) and makes sure there is no way to get out of my document root(for example /../ would make it go out of document root). 我目前正在使用C语言在网络服务器上工作。我想确保无法访问文档根目录之外的文件，并且我需要编写一个函数来检查请求文件/该文件的路径（例如/ index.html），并确保没有办法摆脱我的文档根目录（例如/../会使它脱离文档根目录）。 I was thinking about just checking for ../ and removing that, but then somebody could request ....//, which would be ../ again if we remove ../ out of it. 我当时正在考虑只检查../并删除它，但随后有人可以请求.... //，如果我们从其中删除../，那将再次是../。 Is there some clever way to do this that I'm not thinking about? 有我没有想到的一些聪明方法吗？

1 个解决方案

Use realpath : 使用realpath ：

realpath - return the canonicalized absolute pathname realpath-返回规范化的绝对路径名

It will return the absolute pathname, with all symlinks, all ./ and all /../ resolved. 它将返回绝对路径名，并带有所有符号链接，所有./和所有/../解析。 Store your "document root" after resolving it with realpath too. 用realpath解决它后，也可以存储“文档根目录”。 After that you can simply memcmp or strcmp resolved path to document root with the resolved pathname to the path you want to test.. 之后，您可以简单地使用memcmp或strcmp解析路径来文档根目录，并使用要测试的路径的解析路径名。

如何确保仅使用我的origninal客户端向我的服务器发出请求？ - How do I make sure only my origninal client is used to make requests to my server?

如何确保我的 char 不是负数 - How can I make sure that my char is not a negative number

如何确保输入适合我的数据类型？ - How can I make sure the input suits my data types?

如何以无人身份运行程序？ - How do I run a program as nobody?

如何让我的代码打印出在我的代码中被跳过的语句？ - How can I get my code to print out a statement that gets skipped in my code?

如何确保程序只能访问它自己的文件夹和子文件夹？ - How do I make sure a program only has access to it's own folder and subfolders?

我如何使我的城市价值在我的if声明中不再重复？ - How do I make my city value not repeat in my if statement?

在本机节点模块中，如何确保异步代码始终在同一线程上运行？ - In a native node module, how can I make sure that my async code is always running on the same thread?

我想确保我的程序是正确的，这是 c 编程 - I want to make sure my program is correct this is c programming

我想确保我的链表工作 - i want to make sure that my linked list work

暂无

暂无

声明:本站的技术帖子网页，遵循CC BY-SA 4.0协议，如果您需要转载，请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何确保仅使用我的origninal客户端向我的服务器发出请求？ - How do I make sure only my origninal client is used to make requests to my server? 如何确保我的 char 不是负数 - How can I make sure that my char is not a negative number 如何确保输入适合我的数据类型？ - How can I make sure the input suits my data types? 如何以无人身份运行程序？ - How do I run a program as nobody? 如何让我的代码打印出在我的代码中被跳过的语句？ - How can I get my code to print out a statement that gets skipped in my code? 如何确保程序只能访问它自己的文件夹和子文件夹？ - How do I make sure a program only has access to it's own folder and subfolders? 我如何使我的城市价值在我的if声明中不再重复？ - How do I make my city value not repeat in my if statement? 在本机节点模块中，如何确保异步代码始终在同一线程上运行？ - In a native node module, how can I make sure that my async code is always running on the same thread? 我想确保我的程序是正确的，这是 c 编程 - I want to make sure my program is correct this is c programming 我想确保我的链表工作 - i want to make sure that my linked list work

相关标签

粤ICP备18138465号 © 2020-2024 STACKOOM.COM