| 1 |
On 01/04/2016 12:11 AM, Jeroen Roovers wrote: |
| 2 |
> |
| 3 |
>> Without updating APACHE2_OPTS, websites could end up serving |
| 4 |
>> PHP code (include configuration files with passwords) |
| 5 |
>> unprocessed to website visitors! |
| 6 |
> |
| 7 |
> That would mean there is an additional (local) security problem. |
| 8 |
> |
| 9 |
|
| 10 |
All PHP applications are written by the sort of people who will tell you |
| 11 |
to put a config file in the public DocumentRoot, and that's not easy to |
| 12 |
fix as the system administrator. Those virtual hosts should really |
| 13 |
really really really really be wrapped in <IfModule> statements. |
Archives