PHP 代码安全

发布于 2024-09-24 21:59:33 字数 1436 浏览 7 评论 0原文

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

北方。的韩爷 2024-10-01 21:59:33

安全代码很少或没有可被恶意用户利用的漏洞。

混淆代码是故意使其难以阅读的代码。

晦涩代码是无意中难以阅读并且可能不安全的代码。

Secure code is such that has little or no vulnerabilities that can be exploited by malicious users.

Obfuscated code is code that is intentionally made hard to read.

Obscure code is code that is unintentionally hard to read and also probably insecure.

谁的年少不轻狂 2024-10-01 21:59:33

维基百科上的混淆代码文章非常适合您阅读:)

混淆代码是源代码或机器代码
难以执行的代码
理解。程序员可能
故意混淆代码以隐藏
其目的或逻辑是为了防止
篡改,阻止逆向工程
或作为拼图或娱乐
对读者的挑战。它是一种形式
通过默默无闻实现安全。节目
称为混淆器变换
将可读代码转换为混淆代码
使用各种可能的技术
引发反调试,
反反编译和
防拆卸机制。代码
混淆本质上是不同的
来自硬件混淆,其中
的描述和/或结构
电路被修改以隐藏其
功能。

The Obfuscated Code article at Wikipedia is good read there for you :)

Obfuscated code is source or machine
code that has been made difficult to
understand. Programmers may
deliberately obfuscate code to conceal
its purpose or its logic to prevent
tampering, deter reverse engineering
or as a puzzle or recreational
challenge for readers. It is a form of
security through obscurity. Programs
known as obfuscators transform
readable code into obfuscated code
using various techniques that might
induce anti-debugging,
anti-decompilation and
anti-disassembly mechanism. Code
obfuscation is different in essence
from hardware obfuscation, where
description and/or structure of a
circuit is modified to hide its
functionality.

痴情 2024-10-01 21:59:33

简而言之,代码安全性意味着您的代码只执行您想要的操作,而不执行其他操作。编写不当、不安全的代码可能会产生副作用,而用户可能会利用这些副作用。 SQL 注入就是一个很好的常见示例。

编写安全的代码是非常有必要的,特别是对于开源项目,否则其他用户可以很容易地发现你的漏洞。至于如何编写安全的代码,这是一个更困难的问题。最好的答案是有经验。在您知道要保护代码免受什么侵害之前,很难保护您的代码免受某些侵害。然而,常识和一些基本步骤(例如始终转义不安全的用户输入)大有帮助。

混淆代码只是将用户可读的代码变成不那么可读的代码。这样做的原因有很多。原因之一是使从代码中查找漏洞变得更加困难,但这决不能阻止这种情况。另一个原因是让人们更难修改您的代码,而这正是您可能希望对商业软件所做的事情。但在这种情况下有更好的选择,比如使用 Zend Guard

Code security in a nutshell means that your code does what you want it to, and nothing else. Badly written, insecure code can have side effects, that users might be able to exploit. SQL injections is one good, common example.

It is very necessary to write secure code, especially for open-source projects where other users could easily find your vulnerabilities otherwise. As to how to write secure code, that's a bit more difficult question. The best answer would be with experience. It's hard to protect your code against something before you know what to protect it against. However common sense and some basic steps like always escaping unsafe user input go a long way.

Obfuscating code is simply taking user-readable code, and turning it into something that is not so readable. There are many reasons to do this. One reason is to make it harder to find vulnerabilities from your code, but it by no means prevents it. Another reason is to make it harder for people to make modifications to your code, which is what you might want to do for commercial software. But there are better alternatives in that case, like using Zend Guard

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文