Storing Scripts Securely

I have a website that serves two parties, buyers and sellers. So once I have authenticated the type of user, I load the respective module. See logic below:

 // Load the module that matches the authenticated user type
 if ($loggedinusertype === 'Buyer') {
     include __DIR__ . '/buyer_module.php';
 } else {
     include __DIR__ . '/seller_module.php';
 }

Now the way I store these modules is just the way I would store a contact.php file. These modules can be accessed if I go to domain.com/seller_module.php. Now, I want to know how to store these modules in such a way that nobody could access them directly and they can only be used in the include component. I have 200 of these modules...

You could store them in an area outside of your normal web directory.

Say your web directory is /home/yoursite/www

You could put your include files in /home/yoursite/some-other-directory and no one would be able to access them from your site directly.

I have two suggestions on how you could do this.

  1. Just store all of the modules outside of the web root so there is no way they can be accessed from the browser.

  2. If the above is not feasible, define a constant in your main application or in the script that includes the individual modules. In the individual modules, check to see if the constant has been defined. If it has not, then you can assume someone is trying to access it in the browser; if it has, then the file was included by your script.

Example of 2:

index.php

<?php
define('SOME_CONSTANT', 1);
// ...
include 'buyer_module.php';

buyer_module.php and all other modules you don't want called directly

<?php

if (!defined('SOME_CONSTANT')) exit;
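
The two suggestions above can be combined in a single front controller; the following is an added example, not code from the original answers. It reuses the sample path and constant name from the answers, while `MODULE_DIR`, `MODULES` and `resolve_module()` are hypothetical names introduced here.

```php
<?php
// index.php (inside the web root). Added example, not from the original answers.
define('SOME_CONSTANT', 1);   // guard constant the modules check, as in the answer

// Assumption: modules live outside the web root, at the answer's sample path.
const MODULE_DIR = '/home/yoursite/some-other-directory';

// Fixed map from authenticated user type to module file, so that no
// request-controlled string is ever turned into an include path.
const MODULES = [
    'Buyer'  => 'buyer_module.php',
    'Seller' => 'seller_module.php',
];

/**
 * Return the absolute path of the module for $userType, or null when the type
 * is unknown, the file is missing, or it resolves outside $moduleDir
 * (for example through a symlink).
 */
function resolve_module(string $userType, string $moduleDir, array $map): ?string
{
    if (!isset($map[$userType])) {
        return null;
    }
    $base = realpath($moduleDir);
    $path = realpath($moduleDir . DIRECTORY_SEPARATOR . $map[$userType]);
    if ($base === false || $path === false) {
        return null;
    }
    // Containment check: the resolved file must sit under the module directory.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

// $loggedinusertype is assumed to be set by the site's authentication code;
// the fallback below is a constructed value so the script runs on its own.
$loggedinusertype = $loggedinusertype ?? 'Buyer';

$module = resolve_module($loggedinusertype, MODULE_DIR, MODULES);
if ($module === null) {
    http_response_code(404);
    exit('Module not available');
}
require $module;
```

With the modules stored outside the web root, the `SOME_CONSTANT` check inside each module becomes a second layer that still holds if a module file is later copied back under the web directory.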
