Win2000 Apache PHP MySQL Installation and Security Manual

Editor: About MySQL Databases
Required programs:
  
  Apache
  http://www.apache.org/dist/httpd/binaries/win32/
  We use apache_1.3.28-win32-x86-no_src.msi or apache_2.0.47-win32-x86-no_ssl.msi.
  Either is fine. Do not use older versions: they have flaws and are easily attacked from the Internet.
  
  PHP
  http://cn2.PHP.Net/get/PHP-4.3.3-Win32.zip/from/a/mirror
  PHP-4.3.3
  
  MySQL
  http://www.MySQL.com/get/Downloa ... 5-win.zip/from/pick
  MySQL-4.0.15
  Note: versions of MySQL lower than this one have flaws; do not use them.
  
  ZendOptimizer-2[1].1.0a-Windows-i386.exe
  An optimizer for PHP that supports encrypted PHP scripts.
  
  MySQL-Front
  A GUI MySQL manager that runs on the MS platform; very easy to use.
  
  phpMyAdmin-2.5.0-PHP.zip
  A MySQL manager based on PHP scripts.
  
  PHPencode.exe
  A PHP encryption compiler.
  
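  Installation
  1. Install Apache
  The installation is simple, so it is skipped here. The one thing to note: do not install it on the system partition.
  Keeping it off the system partition has advantages for backup, maintenance, and disaster recovery.
  Assume it has been installed to d:\
  2. Install PHP
  For the detailed installation procedure, see install.txt in the PHP directory.
  Note: do not use the CGI mode.
  The following is quoted material:
  ------------------------------------------------------------------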
  Title 17/2/2002
  PHP for Windows Arbitrary Files Execution (GIF, MP3)
  Summary
  Through PHP.EXE, an attacker can cause PHP to interpret any file as a PHP file,
  even if its extensions are not PHP. This would enable the remote attacker to
  execute arbitrary commands, leading to a system compromise.
  Details
  Vulnerable systems:
  PHP version 4.1.1 under Windows
  PHP version 4.0.4 under Windows
  An attacker can upload innocent looking files (with mp3, txt or gif extensions)
  through any uploading systems such as WebExplorer (or any other PHP program that
  has uploading capabilities), and then request PHP to execute it.
  Example:
  After uploading a file with a "gif" extension (in our example huh.gif) that contains
  PHP code such as:
  #------------
  <?php
    phpinfo();
  ?>
  #------------
  An attacker can type the following address to get in to cause the PHP file to be
  executed:
  http://www.example.com/php/PHP.exe/UPLOAD_DIRECTORY/huh.gif
  Notice: php/PHP.exe is included in the URL.
  Additional information
  The information has been provided by CompuMe and RootExtractor.
  P.S.: Most versions have this problem, including some of the latest versions,
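
To check whether a server that ran PHP in CGI mode received requests of the shape the quoted advisory describes, the access log can be scanned for php.exe followed by a path to a non-PHP file. This is an added example, not part of the original manual or the advisory; the log lines are constructed samples in Apache Common Log Format, and the function name and the set of PHP extensions are assumptions.

```python
import re
from urllib.parse import unquote

# Request and status fields of an Apache Common Log Format line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# php.exe followed by extra path info, the URL shape shown in the advisory.
PHP_CGI_RE = re.compile(r'/php\.exe(/.+)$', re.IGNORECASE)
# Assumption: extensions this site legitimately maps to PHP.
PHP_EXTENSIONS = {'php', 'php3', 'php4', 'phtml'}

def find_php_cgi_pathinfo(lines):
    """Return (line_no, target_path, status) for each request that hands
    php.exe a file whose extension is not a PHP one."""
    hits = []
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        # Drop the query string, decode %xx escapes, and normalise the
        # backslashes that Windows also accepts as path separators.
        path = unquote(m.group(1).split('?', 1)[0]).replace('\\', '/')
        cgi = PHP_CGI_RE.search(path)
        if not cgi:
            continue
        target = cgi.group(1)
        name = target.rsplit('/', 1)[-1]
        ext = name.rsplit('.', 1)[-1].lower() if '.' in name else ''
        if ext not in PHP_EXTENSIONS:
            hits.append((no, target, int(m.group(2))))
    return hits

# Constructed sample log lines (documentation IP addresses, invented paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Feb/2002:10:00:01 +0800] "GET /index.php HTTP/1.0" 200 5120',
    '192.0.2.44 - - [17/Feb/2002:10:02:13 +0800] "GET /php/PHP.exe/UPLOAD_DIRECTORY/huh.gif HTTP/1.0" 200 40213',
    '192.0.2.44 - - [17/Feb/2002:10:02:40 +0800] "GET /php/php%2Eexe/upload/notes.txt?x=1 HTTP/1.0" 200 311',
    '192.0.2.10 - - [17/Feb/2002:10:03:02 +0800] "GET /php/php.exe/app/index.php HTTP/1.0" 200 900',
    '192.0.2.10 - - [17/Feb/2002:10:03:09 +0800] "GET /images/logo.gif HTTP/1.0" 200 2048',
]

if __name__ == '__main__':
    for no, target, status in find_php_cgi_pathinfo(SAMPLE_LOG):
        print(f'line {no}: php.exe asked to run {target} (HTTP {status})')
```

A hit with a 200 status on a file inside an upload directory is the case to investigate first; requests for .php files through php.exe are not flagged here.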