Fwd: packages: php/php-mod_php.conf - match only *.php for added security by avo...

Tomasz Pala gotar at polanet.pl
Mon May 4 12:56:36 CEST 2009


On Mon, May 04, 2009 at 12:48:11 +0300, Elan Ruusamäe wrote:

> this config change hit the builders
> 
> plz test and verify that your configuration does not depend on the broken 
> configuration (foo.php.blah expected to be parsed by php engine)

So now you've exposed *.php.rpmsave contents (with plain passwords
possible) one might have after some webapp upgrade, nice security.

Please revert this and do like the rest of the world does (unless you
follow them now?).

> ---- Log message:
> - match only *.php for added security by avoiding multiple extensions match
>   http://isc.sans.org/diary.html?storyid=6139

-- 
Tomasz Pala <gotar at pld-linux.org>
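
An audit sketch for the trade-off raised in this message, added as an example and not code from the thread or from the PLD package: it lists files under a document root that the old multiple-extension match handed to PHP but that a strict `*.php` match would serve as-is. The two rule functions are simplified models of the behaviours described in the thread, not the actual Apache directives, and the sample tree and function names are constructed for illustration.

```python
import os
import tempfile

def old_rule(name):
    # Simplified model of the multiple-extension match: any dot-separated
    # component after the base name equal to "php" selects the PHP engine.
    return "php" in name.lower().split(".")[1:]

def new_rule(name):
    # Simplified model of "match only *.php": the name must end in ".php".
    return name.lower().endswith(".php")

def classify(name):
    if new_rule(name):
        return "parsed"
    if old_rule(name):
        return "served-raw"  # was executed before, now sent to the client as-is
    return "static"

def audit(docroot):
    """Return docroot-relative paths that change from parsed to served raw."""
    hits = []
    for dirpath, _dirs, files in os.walk(docroot):
        for f in files:
            if classify(f) == "served-raw":
                rel = os.path.relpath(os.path.join(dirpath, f), docroot)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)

def make_sample_docroot():
    # Constructed sample tree, not taken from any real host.
    root = tempfile.mkdtemp(prefix="docroot-")
    for rel in ("index.php", "config.php.rpmsave", "inc/db.php.bak",
                "upload.php.jpg", "logo.png"):
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("<?php /* placeholder */ ?>\n")
    return root

if __name__ == "__main__":
    for p in audit(make_sample_docroot()):
        print("review or move out of docroot:", p)
```

Run against a real document root by passing its path to `audit()`; anything it reports should be removed from the web tree or denied by the server before the strict match goes live.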

