Fwd: packages: php/php-mod_php.conf - match only *.php for added security by avo...

Tomasz Pala gotar at polanet.pl
Mon May 4 15:07:18 CEST 2009


On Mon, May 04, 2009 at 13:01:10 +0200, Patryk Zawadzki wrote:

> Do we keep %config files in publicly accessible dirs? If we do, we
> should be shot. And then shot again.

I don't know if we do now, but we might (remember that packages were
kept entirely in /home/services/httpd some time ago; I doubt every
single one got moved). Can you guarantee that no one has such leftovers?

Moreover, the situation as before is the de facto standard, so there might be
people having their own code which may be altered. So I see DEsecurity
here[*] with no gain at all.

Following this way we should take 01_mod_authz_host.conf and change:

<FilesMatch "^\.ht">

to:

<Files *.htaccess>


[*] security means filter as much as possible; in this case it's "don't
expose as much as possible" - so the change would be acceptable along
with filtering access to every *.php*.* (maybe with *~ and *.rpm{save,new}).

-- 
Tomasz Pala <gotar at pld-linux.org>

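As an added illustration of the trade-off discussed in this thread (this is example configuration, not the original post's text nor PLD's actual php-mod_php.conf or 01_mod_authz_host.conf), the fragment below shows the narrowed handler match next to the access filter the footnote proposes. Directive names are stock Apache 2.2 mod_php / mod_authz_host syntax; the exact regexes and the file names in the comments are assumptions chosen to cover the cases named in the post (*.php*.*, *~, *.rpm{save,new}).

```apache
# Added example (not from the original post or PLD's package files):
# narrow the PHP handler to names ending in .php, then close the exposure
# that narrowing creates by refusing to serve leftover copies of PHP files.

# 1. Only names that end in ".php" are executed as PHP. With this alone a
#    stray index.php.bak or index.php~ would be served as plain text,
#    exposing the source - the "DEsecurity" the post warns about.
<FilesMatch "\.php$">
    SetHandler application/x-httpd-php
</FilesMatch>

# 2. Refuse anything that looks like a PHP leftover: *.php*.* (assumed
#    examples: index.php.bak, config.php.orig, lib.php.inc), *~ editor
#    backups and *.rpmsave / *.rpmnew. Access control is evaluated before
#    the handler, so these are never served, executed or not.
#    On Apache 2.4 replace the Order/Deny pair with "Require all denied".
<FilesMatch "(\.php.*\.|~$|\.rpm(save|new)$)">
    Order allow,deny
    Deny from all
</FilesMatch>

# 3. For comparison, the ^\.ht pattern the post cites: the regex form also
#    covers .htpasswd and .htaccess.bak, which a glob on *.htaccess would not.
<FilesMatch "^\.ht">
    Order allow,deny
    Deny from all
</FilesMatch>
```

After dropping this into the server config, `apachectl configtest` catches syntax errors, and requesting a deliberately created `test.php.bak` from the document root should return 403 rather than the file contents.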