Drupal 和 HTML 站点的安全漏洞是什么?
What is the security vulnerability of Drupal and a HTML site?
假设 Drupal 站点位于 https 服务器上,例如:
然后我在服务器上创建一个子文件夹,如:
...然后我在 "myfolder." 中放置了一个 HTML 站点 Drupal 站点和这个 "myfolder" HTML 站点仍然安全吗?还是现在有安全问题?
让我参考一下你对这个问题的评论:
By "secure" I mean do the HTML pages in the sub folder make the Drupal
site more vulnerable to attack? I'm trying to convince colleagues to
let me build small HTML sites in sub folders but they're saying it
will mess up the site's security and make it more vulnerable. I
disagree with them but I'm not an expert with security so that's why
I'm asking this question.
简答,没有。只要确保 directory browsing is disabled and if you do put any dynamic content in the subdirectory make sure it is secure.
考虑在您的网络服务器前面放置一个 Web 应用程序防火墙以提高安全级别。
除了 mjsa 的回答之外,我想补充一点,您的同事必须信任 您,因为当您被允许自由地向 drupal 站点添加文件时,很容易您 获得 drupal 站点的管理员权限 。所以也许这是他们的顾虑,因为您和您的同事仅有权编辑您的 drupal 站点的内容而无权管理它?
假设 Drupal 站点位于 https 服务器上,例如:
然后我在服务器上创建一个子文件夹,如:
...然后我在 "myfolder." 中放置了一个 HTML 站点 Drupal 站点和这个 "myfolder" HTML 站点仍然安全吗?还是现在有安全问题?
让我参考一下你对这个问题的评论:
By "secure" I mean do the HTML pages in the sub folder make the Drupal site more vulnerable to attack? I'm trying to convince colleagues to let me build small HTML sites in sub folders but they're saying it will mess up the site's security and make it more vulnerable. I disagree with them but I'm not an expert with security so that's why I'm asking this question.
简答,没有。只要确保 directory browsing is disabled and if you do put any dynamic content in the subdirectory make sure it is secure.
考虑在您的网络服务器前面放置一个 Web 应用程序防火墙以提高安全级别。
除了 mjsa 的回答之外,我想补充一点,您的同事必须信任 您,因为当您被允许自由地向 drupal 站点添加文件时,很容易您 获得 drupal 站点的管理员权限 。所以也许这是他们的顾虑,因为您和您的同事仅有权编辑您的 drupal 站点的内容而无权管理它?