fastcgi & index
Maxim Dounin
mdounin at mdounin.ru
Thu Feb 13 13:29:10 UTC 2014
Hello!
On Thu, Feb 13, 2014 at 02:09:34PM +0100, António P. P. Almeida wrote:
> This type of configuration is insecure since there's no whitelisting of the
> PHP scripts to be processed.
You mean "location / { fastcgi_pass ... }"? This type of
configuration assumes that any files under "/" are php scripts,
and it's ok to execute them.
Obviously it won't be secure if you allow untrusted parties to put
files there. But the problem is what you allow, not the
configuration per se.
--
Maxim Dounin
http://nginx.org/
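
The two approaches contrasted in this thread, side by side. This is an added example, not configuration from the original message or from the nginx project; the document root, backend address, ports and script names (index.php, admin.php) are assumptions.

```nginx
# Both server blocks belong inside the http { } context.

# Variant discussed above: everything under "/" is handed to the FastCGI
# backend. Any file that ends up under the document root is treated as a
# script, so this is only safe if nothing untrusted can write there.
server {
    listen 8080;
    root /var/www/app;                  # assumed document root

    location / {
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass  127.0.0.1:9000;   # assumed FastCGI backend
    }
}

# Whitelisting variant: only the named scripts ever reach the backend.
server {
    listen 8081;
    root /var/www/app;                  # assumed document root
    index index.php;

    # The whitelist. Regex locations are tried in order of appearance and
    # the first match wins, so this block must precede the catch-all below.
    location ~ ^/(index|admin)\.php$ {
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass  127.0.0.1:9000;   # assumed FastCGI backend
    }

    # Any other *.php URI is refused instead of being executed or
    # served back as source.
    location ~ \.php$ {
        return 404;
    }

    # Everything else is served as a static file. A request for "/" is
    # internally redirected to /index.php by the index directive and then
    # matches the whitelist location.
    location / {
        try_files $uri $uri/ =404;
    }
}
```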