1 |
On 01/04/2016 12:11 AM, Jeroen Roovers wrote: |
2 |
> |
3 |
>> Without updating APACHE2_OPTS, websites could end up serving |
4 |
>> PHP code (include configuration files with passwords) |
5 |
>> unprocessed to website visitors! |
6 |
> |
7 |
> That would mean there is an additional (local) security problem. |
8 |
> |
9 |
|
10 |
All PHP applications are written by the sort of people who will tell you |
11 |
to put a config file in the public DocumentRoot, and that's not easy to |
12 |
fix as the system administrator. Those virtual hosts should really |
13 |
really really really really be wrapped in <IfModule> statements. |