On Dec 1, 2008, at 11:38 PM, Michele Waldman wrote:
Thanks to your soft, delicate input, I've been doing a little more
research.
I was ps -ef on the linux server. Php appears to be configured into
the
server and the process goes down due to misconfiguration, is it not
the same
process handling the htaccess? Does that mean basically all web
services
have stopped on the server and not even htaccess would protect it,
leaving
the entire server vulnerable? Or will htaccess still be working?
You're still operating under the impression that something went wrong
with the software.
Nothing went wrong with the software. The software worked exactly as
it was supposed to. The problem was that it was misconfigured.
(Unless there really is some bug in apache that nobody here has ever
seen/verified). So, Garbage In (Configuration), Garbage (or, your
source files, in this case) Out.
Even that facebook story ends up saying:
"After looking at every possible angle, I was unable to configure our
Apache build to serve source code even if we wanted to. What we
eventually found was a single server running a standard distribution
build of Apache in our production pool of several thousand web severs.
A lot has been posted online blaming PHP for this, however, the server
that we eventually found was not running PHP."
http://sizzo.org/wp/2007/09/youre-source-code-is-showing
He goes on to suggest the same thing I did in my last message.
So, if this is a misconfiguration issue, that means if you don't
have a sys
admin, that the programmer needs to learn the configuration and
ensure it's
correct on the server?
If you rely on a server to deploy your applications you should do one
of two things:
1) Know enough about server administration/configuration
2) Pay someone (or some organization) that does.
_______________________________________________
New York PHP User Group Community Talk Mailing List
http://lists.nyphp.org/mailman/listinfo/talk
http://www.nyphp.org/show_participation.php
