Re: Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

March 08, 2011 02:48PM
On Tue, 2011-03-08 at 14:37 -0500, Lukas0907 wrote:
> My point is: The bad example does something, which is extremely
> inefficient but it just works. It has no side effects concerning
> security. All files are parsed by PHP, so no unparsed configuration
> files can leak.
>
> The "good example" only handles requests to the FastCGI instance if the
> file or directory can not be found by nginx. This is clearly not the
> same although the whole intention of the pitfall site is, in my eyes, to
> offer exactly that: A naive, inefficient way to achieve things and a
> professional, tested, reliable and secure way. It's the first URL given
> in Debian's default config and possibly the first place a user will look
> when searching for help.
>
> Proxying everything is certainly a bad idea; proxying too little is
> disastrous in terms of security. This should be pointed out in the wiki
> in big fat letters. Or better, let's come up with a better example of
> how to proxy a bare minimum.

I agree, it's not good to replace one bad example with another. OTOH,
cluttering up the "good" example might dilute the point (the particular
pitfall being discussed) with details.

Maybe continue that with a third example that introduces the pitfall of
accidentally serving up source code and provides the complete, correct
solution, or at the very least, put a big, fat warning next to the
"good" example.

Cliff


_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
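
The difference argued over in this thread, shown as an added illustration that is not taken from the wiki or from any poster: a server block that only hands PHP the requests nginx cannot resolve to a file, next to one that serves static files itself but always executes `.php`. Server names, the document root, the socket path and the denied extensions are assumptions.

```nginx
# Added illustration; both blocks belong inside the http {} context.
# Server names, root, socket path and denied extensions are assumed.

# Pattern criticised in the thread: PHP only sees what nginx cannot find.
server {
    server_name weak.example;
    root /var/www/site;

    location / {
        # Any file that exists under root is sent as-is, so a request
        # for /config.php returns the PHP source instead of running it.
        try_files $uri $uri/ @php;
    }

    location @php {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
        fastcgi_pass unix:/var/run/php-fpm.sock;
    }
}

# Static files still bypass PHP, but .php is never served as text.
server {
    server_name fixed.example;
    root /var/www/site;
    index index.php;

    # Regex locations are tried in order and before the prefix
    # location /, so these files never reach the static path.
    location ~ /\.|\.(inc|ini|conf)$ {
        deny all;
    }

    location ~ \.php$ {
        try_files $uri =404;   # do not pass nonexistent scripts to PHP
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/var/run/php-fpm.sock;
    }

    location / {
        try_files $uri $uri/ /index.php?$args;
    }
}
```

Requesting a known script such as `/index.php` with `curl -i` and checking that the body is rendered output rather than text beginning with `<?php` confirms which behaviour a deployed config has.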
Subject Author Posted

Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

Lukas0907 March 08, 2011 09:33AM

Re: Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

Ensiferous March 08, 2011 11:08AM

Re: Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

António P. P. Almeida March 08, 2011 02:18PM

Re: Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

Cliff Wells March 08, 2011 02:28PM

Re: Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

Lukas0907 March 08, 2011 02:37PM

Re: Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

Cliff Wells March 08, 2011 02:48PM

Re: Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

António P. P. Almeida March 08, 2011 09:48PM

Re: Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

Adrian von Stechow March 09, 2011 01:04AM

Re: Vulnerability in "Proxy Everything" (Wiki article Pitfalls)

genarg April 06, 2011 11:29AM


