Security Risk

Stefan Scott lists at ruby-forum.com
Sat Feb 14 03:56:10 MSK 2009


Yeah, this "solution" is definitely a security risk.

I just did some testing, and I'm able to open *any* file in 
/home/myname/sources/phpmyadmin.

For example, if I point the browser at:

  http://mydom.myhost.com/phpmyadmin/index.php

then Firefox offers to download the index.php file.

If I point the browser at:

  http://mydom.myhost.com/phpmyadmin/README

then it displays the README file in the browser, etc.

So this is not good.

How do I set up my directories and my nginx.conf file so that people can 
browse to a site like:

  http://mydom.myhost.com/mysub-url

without exposing all the files in the directory $root/mysub-url?

Thanks.

-- 
Posted via http://www.ruby-forum.com/.





More information about the nginx mailing list