Difference between #1 and #2 of
Single PHP entry point with Nginx

Revision #2 has been created by MadAnd on Apr 28, 2015, 1:58:30 PM with the memo:

typo fixes
« previous (#1)

Changes

Title unchanged

Single PHP entry point with Nginx

Category unchanged

How-tos

Yii version unchanged

Tags unchanged

yii, nginx, security, php, front controller

Content changed

[...]
Security
--------

One may ask how this rather subtle configuration change affects security. Here is
little example. Imagine you have written and application, which among other things allows users to upload some files.
Now, if you "forgot" to implement strict validation rules, malicious user could potentially
upload (exploiting e.g. some NUL char vulnerability) file `shell.php` into the
server's `uploads` folder.

Now the malicious user opens the URL: `http://yourapp.net/uploads/shell.php`
[...]
4 0
3 followers
Viewed: 18 608 times
Version: all
Category: How-tos
Written by: MadAnd
Last updated by: MadAnd
Created on: Apr 27, 2015
Last updated: 9 years ago
Update Article

Revisions

View all history