
Security quotes of the week

Posted Oct 4, 2012 20:59 UTC (Thu) by josh (subscriber, #17465)
In reply to: Security quotes of the week by ftc
Parent article: Security quotes of the week

Most PHP setups tend to leave the PHP files in the web root, with a configuration that says "run .php files via php rather than serving them". With a setup like that, it only takes one web server misconfiguration to cause the server to serve the file as text rather than running it.

A much better configuration would have all the PHP files outside the web root, where misconfigurations would fail closed by not serving them.
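
An added example, not part of the comment above: a small audit that lists the files under a web root whose PHP source a client would receive if the server stopped passing them to the interpreter, run against two constructed layouts. The directory names, the `index.php` front controller, and the rule that a front controller containing only `require` lines is acceptable are assumptions of this example; it also matches on file content rather than extension, which goes slightly beyond the `.php` case the comment names.

```python
import os
import tempfile
from pathlib import Path

PHP_OPEN_TAGS = (b"<?php", b"<?=")

def is_stub(path):
    """True if the file's only statements are require/require_once lines."""
    lines = [l.strip() for l in path.read_text(errors="replace").splitlines()]
    code = [l for l in lines if l and l != "<?php" and not l.startswith(("//", "#"))]
    return bool(code) and all(l.startswith(("require ", "require_once ")) for l in code)

def php_sources_in_docroot(docroot, front_controllers=("index.php",)):
    """List docroot-relative files whose PHP source a client would receive
    if the server stopped handing them to the interpreter."""
    docroot = Path(docroot)
    exposed = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = Path(dirpath) / name
            with open(path, "rb") as fh:
                head = fh.read(4096)
            # Match on content, not extension, so includes named .inc count too.
            if not any(tag in head for tag in PHP_OPEN_TAGS):
                continue
            rel = path.relative_to(docroot).as_posix()
            if rel in front_controllers and is_stub(path):
                continue  # leaks nothing beyond an include path
            exposed.append(rel)
    return sorted(exposed)

def demo():
    """Build two constructed layouts in a temp dir and audit each web root."""
    with tempfile.TemporaryDirectory() as tmp:
        weak = Path(tmp, "weak", "htdocs")          # everything under the web root
        (weak / "lib").mkdir(parents=True)
        (weak / "index.php").write_text("<?php\nrequire 'config.php';\necho render();\n")
        (weak / "config.php").write_text("<?php\n$db_password = 'constructed-sample';\n")
        (weak / "lib" / "db.inc").write_text("<?php\nfunction connect() {}\n")
        (weak / "style.css").write_text("body { margin: 0 }\n")

        site = Path(tmp, "closed")                  # code outside the web root
        (site / "app").mkdir(parents=True)
        (site / "public").mkdir()
        (site / "app" / "bootstrap.php").write_text("<?php\n$db_password = 'constructed-sample';\n")
        (site / "public" / "index.php").write_text("<?php\nrequire __DIR__ . '/../app/bootstrap.php';\n")
        return php_sources_in_docroot(weak), php_sources_in_docroot(site / "public")

if __name__ == "__main__":
    print(demo())
```

An empty list for a web root means a broken handler mapping there would expose at most the path named in the front controller.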


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds