Security risks of editing files remotely with vim

Just now I accidentally saw the contents of a WordPress configuration file through my browser, and thinking about it still gives me a scare.

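If, like me, vim is your editor of choice, and if, like me, you sometimes need to edit files remotely, then take note: editing files remotely with vim can leave behind backup files whose names end in `~`. Because web servers generally do not interpret files with a `~` suffix, the server hands their source code straight to the client. If the file happens to be a configuration file, the consequences are even worse.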

Solutions:
1. Set the nobackup and nowritebackup options to turn off vim's automatic saving of backup copies
2. Make the web server interpret files with a `~` suffix
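To check whether a document root already contains such leftovers, the audit below lists every file ending in `~` and separates out the ones whose original is a script or configuration file. It is an added example, not part of the original post; the function names and the extension list are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: audit a web root for vim backup files (names ending in "~").
# Function names and the extension list are illustrative assumptions.

# Print every regular file under directory $1 whose name ends in "~".
list_tilde_backups() {
    find "$1" -type f -name '*~' -print | sort
}

# Print only the backups whose original would normally be interpreted by the
# server or holds settings, i.e. the ones that expose code or credentials
# when served as plain text. Adjust the extension list to your stack.
list_source_backups() {
    list_tilde_backups "$1" |
        grep -E '\.(php|inc|py|pl|cgi|rb|ini|conf)~$' || true
}

# Return 0 when the tree is clean, 1 when any "~" file is present.
# Findings go to stderr so the function can be used from cron or a
# deployment check without polluting stdout.
audit_webroot() {
    found=$(list_tilde_backups "$1")
    if [ -z "$found" ]; then
        return 0
    fi
    printf 'backup files left in %s:\n%s\n' "$1" "$found" >&2
    return 1
}

# Typical use (the path is a placeholder for your own document root):
#   audit_webroot /path/to/docroot || echo "clean up before deploying"
```
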
