有人可以从public_html下载我的文件吗?
[英]Can someone download my files from public_html?
问题描述
When someone accesses a site via url www.mysite.com/index.php the php code is executed server side and you can't see the code. 
当有人通过URL www.mysite.com/index.php访问站点时,php代码在服务器端执行,您看不到代码。 Can someone download my files such as index.php from my folder public_html somehow (other than hacking into my account with my password) and view my php code? 有人可以以某种方式从我的文件夹public_html中下载我的文件,例如index.php(除了使用密码入侵我的帐户之外)并查看我的php代码吗?
2 个解决方案
解决方案1
2 2011-02-16 00:54:23
除非您的服务器受到威胁或您的脚本编码不正确,否则攻击者无法访问他想要的任何文件,否则不会。
解决方案2
1 2011-02-16 00:58:27
Depends. 要看。 If you are on a crappy shared host, it's not impossible that you can look into other people's PHP files -- this often only requires guessing the username and consequently the absolute path to the file you want to see. 如果您位于糟糕的共享主机上,则可以查看其他人的PHP文件-这通常只需要猜测用户名,因此就可以找到想要查看的文件的绝对路径。 You can't list the directories leading there but alas sometimes if you know the absolute path then you can read others file. 您无法列出领先的目录,但是有时候,如果您知道绝对路径,则可以读取其他文件。 Say, you are joe and the path is /home/j/joe/public_html/joesdomainname/index.php how long will it take for jack to figure this out when he sees /home/j/jack/public_html/jacksdomainname/index.php ...? 假设您是joe,路径是/home/j/joe/public_html/joesdomainname/index.php ,当jack看到/home/j/jack/public_html/jacksdomainname/index.php时,杰克/home/j/joe/public_html/joesdomainname/index.php多长时间才能解决这个问题/home/j/jack/public_html/jacksdomainname/index.php ...? The cost of this attack (which is not by all means a sure short) is creating an account with the same company you are with. 这种攻击的代价(绝对不能短命)是在您所在的同一公司创建一个帐户。 As this mostly works with truly crappy shared hosts, that cost won't be particularly high... 由于这主要适用于真正糟糕的共享主机,因此成本不会特别高...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.