How to make files and folders more secure. So no hacker can access not even folder structure should be expose and PHP Security Scanners should give much efficient report ?
I just scan my website which is in CodeIgniter. I've got terrible report. Folder structure and their contents are totally exposed even sessions Ids too.
What should I do to prevent this ? can .htaccess to every folder prevent this ?
I used "Acunetix WVS Reporter".
只是不要将不应公共访问的任何内容放入公共可访问文件夹( httpdocs/
, public/
或任何文档根目录)
For my site, when i want to include javascript, CSS or images (anything external, really),
i have a PHP file which gets the file contents, like so:
<?php
$explode = explode(".", $_GET[f]);
$md5 = md5($explode[0]);
echo file_get_contents("secretfolder/$md5.$explode[1]");
?>
And in usage in HTML
<img src='include.php?f=heart.jpg'>
<style type='text/css' rel='stylesheet' href='include.php?f=styles.css'>
Then put an index.php in that folder, which redirects to your homepage or displays a phony 404 error.
You should debug and expand the PHP, to remove potential code injection or XSS exploits. I suggest Seeing File GET contents
For more information
这对于CodeIgniter应该是这样的http://codeigniter.com/wiki/Better_Server_Setup_for_CI
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.