Security Risk
Stefan Scott
lists at ruby-forum.com
Sat Feb 14 03:56:10 MSK 2009
Yeah, this "solution" is definitely a security risk.
I just did some testing, and I'm able to open *any* file in
/home/myname/sources/phpmyadmin.
For example, if I point the browser at:
http://mydom.myhost.com/phpmyadmin/index.php
then Firefox offers to download the index.php file.
If I point the browser at:
http://mydom.myhost.com/phpmyadmin/README
then it displays the README file in the browser, etc.
So this is not good.
How do I set up my directories and my nginx.conf file so that people can
browse to a site like:
http://mydom.myhost.com/mysub-url
without exposing all the files in the directory $root/mysub-url?
Thanks.
--
Posted via http://www.ruby-forum.com/.
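
The two symptoms described in the message above (index.php offered as a download, README displayed) can be checked for mechanically. The following Python is an added example, not part of the original post: the `Response` tuple, the finding names, the `DOC_FILES` entries other than README, the `/fixed/` paths and all sample responses are assumptions constructed for illustration.

```python
import re
import urllib.error
import urllib.request
from typing import NamedTuple

class Response(NamedTuple):
    path: str
    status: int
    content_type: str
    body: bytes

PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)
# README is the file named in the post; the other names are assumed examples.
DOC_FILES = {"readme", "changelog", "license", "install"}

def classify(r: Response) -> list[str]:
    """Return the exposure findings for one response (empty list = nothing found)."""
    if r.status != 200:
        return []  # 403/404: the server refused to hand the file out
    findings = []
    if PHP_TAG.search(r.body):
        findings.append("php-source-disclosed")    # the interpreter never ran
    if r.path.lower().endswith(".php") and r.content_type.startswith("application/octet-stream"):
        findings.append("php-served-as-download")  # what makes the browser offer a download
    if r.path.rsplit("/", 1)[-1].lower() in DOC_FILES:
        findings.append("doc-file-exposed")
    return findings

def fetch(base: str, path: str) -> Response:
    """Fetch one path from a server you administer (not used by SAMPLE below)."""
    try:
        with urllib.request.urlopen(base + path, timeout=5) as resp:
            return Response(path, resp.status, resp.headers.get("Content-Type", ""), resp.read(4096))
    except urllib.error.HTTPError as e:
        return Response(path, e.code, e.headers.get("Content-Type", ""), b"")

# Constructed responses modelled on the behaviour described in the post.
SAMPLE = [
    Response("/phpmyadmin/index.php", 200, "application/octet-stream", b"<?php\nrequire 'common.php';\n"),
    Response("/phpmyadmin/README", 200, "text/plain", b"phpMyAdmin - Readme\n"),
    Response("/fixed/index.php", 200, "text/html; charset=utf-8", b"<html><body>login</body></html>"),
    Response("/fixed/README", 403, "text/html", b""),
]

def audit(responses):
    """Map each path that has findings to its list of findings."""
    return {r.path: classify(r) for r in responses if classify(r)}

if __name__ == "__main__":
    for path, findings in audit(SAMPLE).items():
        print(path, findings)
```

An empty result from `audit` after a configuration change means none of the probed paths still returns raw PHP or a listed documentation file.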