当前位置: 动力学知识库 > 问答 > 编程问答 >

php - Will setting permission 444 on a folder prevent access from web

问题描述:

TL:DR Will permission 444 on a folder restrict access for a web user and browser?

I have a webserver with a root catalog that is accessible from the web. I can't access any folders higher up in the hiearchy, I only have control of the root folder and down.

Lets say I have the following folder structure:

  • includes
  • includes\database.php
  • admin
  • admin\index.php

I want the includes folder to follow these rules:

  • Accessible from within the server, so "admin/index.php" can include "includes/database.php"
  • Accessible via FTP, so I can access and edit the folder and files.
  • NOT Accessible by a user from the web.

Can I solve this by setting "includes" and all subfolders/files with permission 444? If so, is there a known way to bypass this access-rule or is it safe to use?

网友答案:

If you want to keep assets safe from web access you need to move them outside of your web root. Typically one level below your web root is used. This way they are still accessible via FTP and your code but not to web requests.

分享给朋友:
您可能感兴趣的文章:
随机阅读: