PHP Security Tips Series #4 [Translated]


Author: Cal Evans | Translated/edited by: w3pop.com | Published: 2007-07-24 | Modified: 2007-07-25 | Views: 2934

Original source: http://devzone.zend.com/article/1761-PHP-Security-Tip-4
Translation: linyupark@w3pop.com

“Security through obscurity is no security at all,” so the adage goes. However, the flip side of that coin is that obscurity, when used as part of an overall strategy, is a good thing. There’s no sense in making things any easier for those with malicious intent. That brings us to our security tip for the day.

Give files and folders with critical information non-default names

Don’t rely on obscure names to keep your application safe. You should always check permissions, test for vulnerabilities with testing tools and keep an eye on your log files for suspicious activity. When designing your applications and web sites, though, don’t make it easy for bad people to do bad things. Don’t use default or common names for your files and directories.
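The advice above to watch your log files, applied to guessable names, as an added example that is not code from the original article: the script flags clients that request several commonly guessed file or directory names and marks the ones that actually exist. The name list, the threshold of three, and the log lines are constructed assumptions; the log format assumed is the Apache/Nginx "combined" format.

```php
<?php
// Added example. Requires PHP 7.4+. Name list, threshold and log lines are assumptions.
const GUESSABLE_NAMES = ['admin', 'backup', 'config.php', 'install.php', 'phpinfo.php'];

/** Parse one "combined"-format access log line into [ip, path, status], or null. */
function parseLine(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) /';
    if (!preg_match($re, $line, $m)) {
        return null; // malformed or unsupported line: skip rather than guess
    }
    $path = parse_url($m[2], PHP_URL_PATH);
    return [$m[1], is_string($path) ? $path : $m[2], (int) $m[3]];
}

/** Map each client IP to the guessable names it requested (name => last HTTP status). */
function findProbes(array $lines, int $threshold = 3): array
{
    $seen = [];
    foreach ($lines as $line) {
        $rec = parseLine($line);
        if ($rec === null) {
            continue;
        }
        [$ip, $path, $status] = $rec;
        foreach (explode('/', strtolower(trim($path, '/'))) as $segment) {
            if (in_array($segment, GUESSABLE_NAMES, true)) {
                $seen[$ip][$segment] = $status;
            }
        }
    }
    // Keep only clients that tried at least $threshold distinct guessable names.
    return array_filter($seen, fn(array $names) => count($names) >= $threshold);
}

// Constructed sample log lines (documentation IP ranges).
$log = [
    '203.0.113.9 - - [24/Jul/2007:10:00:01 +0000] "GET /admin/ HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.9 - - [24/Jul/2007:10:00:02 +0000] "GET /backup/ HTTP/1.1" 404 209 "-" "-"',
    '203.0.113.9 - - [24/Jul/2007:10:00:03 +0000] "GET /config.php?x=1 HTTP/1.1" 200 0 "-" "-"',
    '198.51.100.4 - - [24/Jul/2007:10:01:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "-"',
];

foreach (findProbes($log) as $ip => $names) {
    foreach ($names as $name => $status) {
        // A 200 means the guessed name exists: rename it or restrict access to it.
        printf("%s requested %s -> %d%s\n", $ip, $name, $status, $status === 200 ? ' (exists)' : '');
    }
}
```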
