Possible widespread PHP configuration issue - security risk

[Ed W]

> I simply do not have time for the next several days.   I'm literally
> working day and night on an app that I need ready by Monday.

Sure - I can update stuff.  I only meant if you can spare some mins to 
contribute to a best efforts config.

Our emails crossed - I will edit the media wiki entry to include an 
exclusion for the /images/ dir also.  For me at least this is then "secure".


> Plus, I am probably the worst person to work on PHP issues as I firmly
> believe PHP to be utter crap starting from its conception right down to
> the last byte of its actual implementation.  It tries my patience in
> ways a toddler wired on espresso couldn't.

I hear you there... Allowing PHP apps on the server keeps me awake at 
night...

As an aside, my solution has been to use linux-vservers for each php 
app.  This was what led me to nginx to keep the memory usage of such a 
system low.  It's super easy to segment apps though and gives an extra 
amount of resilience to the installation

Not relevant to our thread though...

Cheers

Ed W