Hello!
On Thu, Feb 13, 2014 at 02:09:34PM +0100, António P. P. Almeida wrote:
> This type of configuration is insecure since there's no whitelisting of the
> PHP scripts to be processed.
You mean "location / { fastcgi_pass ... }"? This type of
configuration assumes that any files under "/" are php scripts,
and it's ok to execute them.
Obviously it won't be secure if you allow untrusted parties to put
files there. But the problem is what you allow, not the
configuration per se.
--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx mailing list
http://mailman.nginx.org/mailman/listinfo/nginx
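
Added example, not part of the original message or of any poster's configuration: the catch-all form discussed in the thread beside a whitelisted form. The server names, document root, script name and php-fpm socket path are assumptions.

```nginx
# Catch-all form from the thread: every URI under "/" is handed to PHP.
# Acceptable only while nothing untrusted can write files under the root.
server {
    listen      80;
    server_name catchall.example;          # assumed name
    root        /var/www/app;              # assumed document root

    location / {
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass  unix:/run/php-fpm.sock;   # assumed upstream
    }
}

# Whitelisted form: only the named script ever reaches PHP.
server {
    listen      80;
    server_name whitelist.example;         # assumed name
    root        /var/www/app;

    # Static files are served directly; everything else goes to the
    # front controller through an internal redirect.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Exact match wins over the regex location below.
    # SCRIPT_FILENAME is fixed, so the request URI cannot select the file.
    location = /index.php {
        include       fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
        fastcgi_pass  unix:/run/php-fpm.sock;
    }

    # Any other *.php under the root (an uploaded file, for instance)
    # is neither executed nor served as source.
    location ~ \.php$ {
        return 404;
    }
}
```

After editing, `nginx -t` checks the syntax before a reload.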