Fwd: packages: php/php-mod_php.conf - match only *.php for added security by avo...
Patryk Zawadzki
patrys at pld-linux.org
Mon May 4 13:01:10 CEST 2009
2009/5/4 Tomasz Pala <gotar at polanet.pl>:
> On Mon, May 04, 2009 at 12:48:11 +0300, Elan Ruusamäe wrote:
>
>> this config change hit the builders
>>
>> plz test and verify that you configuration does not depend on the broken
>> configuration (foo.php.blah expected to be parsed by php engine)
> So now you've exposed *.php.rpmsave contents (with plain passwords
> possible) one might have after some webapp upgrade, nice security.
Do we keep %config files in publicly accessible dirs? If we do, we
should be shot. And then shot again.
--
Patryk Zawadzki
More information about the pld-devel-en
mailing list