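My developer delivered code to the client with some functions in the config.php file. What are the security issues with having function code in config.php?
The client said that this is a security risk, and being a non-PHP guy, I wanted to know if anyone knows why that is.
What security vulnerabilities does config.php have?
Code: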
<?php
//$config["ALLOWED_IPS"] = Array("rrrr,tttt,uuuu");
$config["PRIVATE_KEY"] = "sssss";
$config["PUBLIC_KEY"] = "aaaaa";
$config["DB_HOST"] = "wwwww";
$config["DB_NAME"] = "334455ffff";
$config["DB_USER"] = "uuuu";
$config["DB_PASS"] = "uuuu";
//AWS access info
if (!defined('awsAccessKey')) define('awsAccessKey', 'xxxxx');
if (!defined('awsSecretKey')) define('awsSecretKey', 'yyyyy');
function uploadS3($FilePath,$name=""){
    // strip the S3 endpoint prefix, leaving "bucket/object-key"
    $FilePath = str_replace("https://s3.amazonaws.com/","",$FilePath);
    $info_path2 = explode("/",$FilePath);
    if (count($info_path2)>1){
        // first path segment is the bucket, the rest is the object key
        $Bucket = $info_path2[0];
        $Object_info = str_replace($Bucket."/","",$FilePath);
        if (!class_exists('S3')) require_once('S3.php');
        //instantiate the class
        $s3 = new S3(awsAccessKey, awsSecretKey);
        $s3->putBucket($Bucket, S3::ACL_PRIVATE);
        if ($s3->getObject($Bucket, $Object_info, $name)) {
            return true;
        }else{
            return false;
        }
    }
    return false;
}
?>
*"config.php file"*? You may have to be a bit more specific than that. – deceze
Hi, a config file for a small PHP application, used to store database info as well as S3 info –
Sorry, hit enter: <?php //$config["ALLOWED_IPS"] = Array("rrrr,tttt,uuuu"); $config["PRIVATE_KEY"] = "sssss"; $config["PUBLIC_KEY"] = "aaaaa"; $config["DB_HOST"] = "wwwww"; $config["DB_NAME"] = "334455ffff"; $config["DB_USER"] = "uuuu"; $config["DB_PASS"] = "uuuu"; //AWS access info if (!defined('awsAccessKey')) define('awsAccessKey', 'xxxxx'); if (!defined('awsSecretKey')) define('awsSecretKey', 'yyyyy'); ?> –
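
The posted config.php keeps the database password, private key and AWS keys as string literals in a file that is delivered to the client. A review check for that pattern, as an added example that is not part of the original thread; the list of credential-like names and the sample's final getenv() line are assumptions of this example:

```python
import re

# Constructed sample: the settings from the config.php in the question,
# plus one getenv() line added here to show a non-literal value.
SAMPLE_CONFIG = r'''<?php
//$config["ALLOWED_IPS"] = Array("rrrr,tttt,uuuu");
$config["PRIVATE_KEY"] = "sssss";
$config["PUBLIC_KEY"] = "aaaaa";
$config["DB_HOST"] = "wwwww";
$config["DB_NAME"] = "334455ffff";
$config["DB_USER"] = "uuuu";
$config["DB_PASS"] = "uuuu";
//AWS access info
if (!defined('awsAccessKey')) define('awsAccessKey', 'xxxxx');
if (!defined('awsSecretKey')) define('awsSecretKey', 'yyyyy');
$config["DB_PORT"] = getenv("DB_PORT");
'''

# Setting names treated as credentials (an assumption of this example).
SECRET_NAME = re.compile(r'(pass|secret|private_?key|access_?key|token)', re.I)
# Matches: $config["NAME"] = "literal";
ARRAY_ASSIGN = re.compile(r'''\$\w+\[\s*(['"])(\w+)\1\s*\]\s*=\s*(['"])(.*?)\3\s*;''')
# Matches: define('NAME', 'literal')
DEFINE_CALL = re.compile(r'''\bdefine\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*?)\3\s*\)''')


def find_hardcoded_secrets(php_source):
    """Return (line_number, setting_name) for credential-like settings
    that are assigned a non-empty string literal."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), start=1):
        code = line.strip()
        if code.startswith(('//', '#', '*', '/*')):
            continue  # skip whole-line comments such as the ALLOWED_IPS line
        for pattern in (ARRAY_ASSIGN, DEFINE_CALL):
            for m in pattern.finditer(code):
                name, value = m.group(2), m.group(4)
                if value and SECRET_NAME.search(name):
                    findings.append((lineno, name))
    return findings


if __name__ == '__main__':
    for lineno, name in find_hardcoded_secrets(SAMPLE_CONFIG):
        print(f'config.php:{lineno}: hard-coded value for {name}')
```

Values read at runtime, such as the getenv() line, are not reported, so the check can gate a delivery or commit without flagging configs that keep credentials outside the source file.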