Possible widespread PHP configuration issue - security risk

Adam Younce ayounce at ripcord.net
Fri Aug 27 21:13:22 MSD 2010


Gentlemen, please. Let's keep this civil.

The simplest solution to the problem presented would be to change the wiki to encourage users to set their upload directory to a location not served by nginx (and thus not executable by PHP). This is *entirely* a PHP configuration issue.

There are still dangers depending on what the application does with the uploaded files, but those exist no matter what. Making the change to the documentation to encourage this best practice should suffice for us.

--

Adam Younce
ayounce at ripcord.net

On Aug 27, 2010, at 10:58 AM, Ed W wrote:

>  On 27/08/2010 17:32, Nuno Magalh?es wrote:
>>> I said to stop complaining about the content of the Wiki and feel 
>>> free to fix it. You seem to have all the answers. 
>> 
>>> Oh fuck off you twit.
>> Gee, you're so mature.
> 
> How is your post advancing the solution?
> 
> How about you avoid quoting out of context parts of my message and focus 
> on the rest of that message?
> 
> Regards
> 
> Ed W




More information about the nginx mailing list