Welcome! Log In Create A New Profile

Advanced

Re: Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

March 08, 2011 02:28PM
On Tue, 2011-03-08 at 19:09 +0000, António P.P.Almeida wrote:

> That's a generic example. The pitfalls page is meant to warn you
> against some inadvisable practices. It's not meant to be a config
> recipe. You should always adapt your config to your application.
>
> As a rule all PHP (or whatever language file) scripts should be
> enumerated in the config, if possible with exact matchings, or if
> using PATHINFO with the correct pattern.
>
> Otherwise you're setting yourself up for getting p0wned.

So... maybe this pitfall should also be covered in the pitfalls page and
linked to from that example?

I agree with the OP that this example is bad, and given that people
usually read the minimal amount of documentation required to solve a
task, it's likely people will be caught with this.

Cliff


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Subject Author Posted

Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

Lukas0907 March 08, 2011 09:33AM

Re: Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

Ensiferous March 08, 2011 11:08AM

Re: Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

António P. P. Almeida March 08, 2011 02:18PM

Re: Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

Cliff Wells March 08, 2011 02:28PM

Re: Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

Lukas0907 March 08, 2011 02:37PM

Re: Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

Cliff Wells March 08, 2011 02:48PM

Re: Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

António P. P. Almeida March 08, 2011 09:48PM

Re: Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

Adrian von Stechow March 09, 2011 01:04AM

Re: Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

genarg April 06, 2011 11:29AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 86
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready