我在根目录中有以下config.php.inc。不是。
如果它不安全,我该如何使其更安全?
<?php
global $configVars;
$configVars['online'] = false;
if(($_SERVER['SERVER_NAME'])!='localhost' and ($_SERVER['SERVER_NAME'])!='abc')
{
$configVars['dbhost'] = "localhost"; // Database host address //
$configVars['dbuser'] = "dbuser"; // Database user name //
$configVars['dbpassword'] = "bq;^4"; // Database password //
$configVars['dbname'] = "dbname"; // Database name //
$configVars['dbport'] = 3306; // Database port //
define('SERVER_NAME', 'http://sitesurl/');
define("SITE_ABSOLUTE_PATH", SERVER_NAME."");
} else {
$configVars['dbhost'] = "localhost"; // Database host address //
$configVars['dbuser'] = "root"; // Database user name //
$configVars['dbpassword'] = ""; // Database password //
$configVars['dbname'] = "localdb"; // Database name //
$configVars['dbport'] = 3306; // Database port //
////////// Define Variables
define('SERVER_NAME', 'http://localhost');
define("SITE_ABSOLUTE_PATH", SERVER_NAME."/site/");
}
?>
无需在配置文件中进行安全检查。最终用户或黑客无法访问此文件中的内容。
当某些身体黑客入侵脚本并下载配置文件或以其他方式获取其内容时,问题就来了。
谢谢