w3pop.com :: ÍøÂçѧԺ :: PHP :: PHP °²È«¼¼ÇÉÁ¬ÔØ #2[Òë]
- PHP
- php ÎÞÏÞ·ÖÀàµÄʵ..
- ³£ÓÃPHP´úÂë
- windowsÏ°²×°ÅäÖ..
- MySQLÊý¾Ý¿â½á¹¹º..
- PHPʵÏÖ IP Whois..
- PHP5 this,selfºÍ..
- PHP °²È«¼¼ÇÉÁ¬ÔØ..
- PHP °²È«¼¼ÇÉÁ¬ÔØ..
- PHP °²È«¼¼ÇÉÁ¬ÔØ..
- PHP °²È«¼¼ÇÉÁ¬ÔØ..
- PHP °²È«¼¼ÇÉÁ¬ÔØ..
- PHP °²È«¼¼ÇÉÁ¬ÔØ..
- PHP °²È«¼¼ÇÉÁ¬ÔØ..
- PHP °²È«¼¼ÇÉÁ¬ÔØ..
- PHP °²È«¼¼ÇÉÁ¬ÔØ..
- PHP °²È«¼¼ÇÉÁ¬ÔØ..
- PHP °²È«¼¼ÇÉÁ¬ÔØ..
- PHP error_report..
- PHP °²È«¼¼ÇÉÁ¬ÔØ..
- ʹÓÃPHP×öLinux/U..
PHP °²È«¼¼ÇÉÁ¬ÔØ #2[Òë]
×÷Õß:Cal Evans ·Òë/ÕûÀí:w3pop.com ·¢²¼:2007-07-24 ä¯ÀÀ:3072 ::
::
ÔÎijö´¦£ºhttp://devzone.zend.com/article/1745-PHP-Security-Tip-2
·Ò룺linyupark@w3pop.com
Security by obscurity is no security at all. On the other hand you don't want to give away information about your site either. Today's tip is a simple one but one that is often overlooked in production environments.
ͨ¹ýÒþ²Ø(ÐÅÏ¢)²¢²»ÄÜ´Ó¸ù±¾Éϱ£Ö¤°²È«¡£(µ«)ÁíÒ»·½ÃæÄãÒ²²»Ó¦¸Ãй¶ÈκÎÓйØÄãÍøÕ¾µÄÐÅÏ¢¡£½ñÌìµÄ¼¼ÇÉÊǷdz£¼òµ¥µÄµ«Ò²ÊǾ³£±»ºöÊӵġ£
Make sure you do not display errors and potentially leak information about your site.
È·±£ÄãûÓн«´íÎóÐÅÏ¢»òÊÇDZÔÚµÄÓйØÄãÍøÕ¾µÄÐÅÏ¢ÏÔʾ¸øÍâ½ç
Simply setting display_errors = Off in your php.ini of your production server will prevent you from leaking information that may give intruders hints to the structure of your system. By default, display_errors = On.
ÔÚÄãµÄ·þÎñÆ÷ÉϽ« php.ini ÎļþÖÐÒ»¸ö¼òµ¥µÄÉèÖøÄΪ display_errors = Off ¿ÉÒÔ×èÖ¹½«ÏµÍ³½á¹¹ÐÅϢй¶¸øÈëÇÖÕß¡£ÔÚĬÈÏÇé¿öÏÂÕâ¸öÉèÖÃΪ display_errors = On.
You can find more information and error reporting options in the manual's Error Handling and Logging Functions Introduction section.
Äã¿ÉÒÔÕÒµ½¸ü¶àÓйشíÎ󱨸æµÄ¿ÉÑ¡ÏîÒÔ¼°ÐÅÏ¢£¬ËüÃÇÔÚÊÖ²áµÄError Handling and Logging Functions Introduction £¨´íÎó´¦ÀíÒÔ¼°logginº¯ÊýµÄ½éÉÜ£©Õ½Ú
ÆÀÂÛ (0)
All
