Welcome! Log In Create A New Profile

Advanced

FastCGI security question

Previous Message Next Message
Forum List Message List New Topic Print View
Jérôme Loyet
April 23, 2010 02:46AM
Hi guys,

I'm working on php-fpm and I had an idea for a new feature.

I'd like to pass fastcgi headers to php-fpm which will set some PHP
ini defines. It's the same as php_value or php_admin_value from the
php apache module. I imagine something like:

fastcgi_param PHP_INI_VALUE "display_errors=off";
fastcgi_param PHP_ADMIN_INI_VALUE "open_basedir=/var/www:/tmp";

Even if it sounds great, I wonder if it could be a security breach
somehow. Is there a way a request can overwrite those parameters by
forging a particular request ?

thx for your advices

++ Jerome

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

FastCGI security question

Jérôme Loyet April 23, 2010 02:46AM

Re: FastCGI security question

Igor Sysoev April 23, 2010 03:04AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 141
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready