|
Posted by Curtis on 02/23/07 07:13
Steve wrote:
> "Rik" <luiheidsgoeroe@hotmail.com> wrote in message
> news:op.tn6pvcviqnv3q9@misant...
> | Steve <no.one@example.com> wrote:
> | > find a server that parses all documents via php instead of by extension,
> | > ....
> | >
> | > it's not hard to hack any site...it just takes a bit of knowledge and
> | > some desire.
> |
> | And in this case, both an insane webserver setting and a either no or a
> | bogus check on files after upload... Usually it would be much, much
> harder.
>
> true. however sadly, *most* web servers (apache anyway) out there at least
> parse all documents through php even if the extension is different...things
> like .css or .jpg, or what have you.
> <snip>
I haven't seen Apache set up like that (on the document root and
below) ever. Most people don't do this. Apache doesn't force any
configuration, the server admin has control over how PHP is configured.
--
Curtis, http://dyersweb.com
[Back to original message]
|