Possible widespread PHP configuration issue - security risk
lists at wildgooses.com
Fri Aug 27 21:51:10 MSD 2010
> I simply do not have time for the next several days. I'm literally
> working day and night on an app that I need ready by Monday.
Sure - I can update stuff. I only meant if you can spare some mins to
contribute to a best efforts config.
Our emails crossed - I will edit the media wiki entry to include an
exclusion for the /images/ dir also. For me at least this is then "secure".
> Plus, I am probably the worst person to work on PHP issues as I firmly
> believe PHP to be utter crap starting from its conception right down to
> the last byte of its actual implementation. It tries my patience in
> ways a toddler wired on espresso couldn't.
I hear you there... Allowing PHP apps on the server keeps me awake at
As an aside, my solution has been to use linux-vservers for each php
app. This was what led me to nginx to keep the memory usage of such a
system low. It's super easy to segment apps though and gives an extra
amount of resilience to the installation
Not relevant to our thread though...
More information about the nginx