Revision #2 has been created by MadAnd on Apr 28, 2015, 1:58:30 PM with the memo:
typo fixes
Changes
Title
unchanged
Single PHP entry point with Nginx
Category
unchanged
How-tos
Yii version
unchanged
Tags
unchanged
yii, nginx, security, php, front controller
Content
changed
[...]
Security
--------
One may ask how this rather subtle configuration change affects security. Here is a little example.
Imagine you have written an application which, among other things, allows users to upload some files.
Now, if you "forgot" to implement strict validation rules, a malicious user could potentially
upload (exploiting e.g. some NUL char vulnerability) a file `shell.php` into the
server's `uploads` folder.
Now the malicious user opens the URL: `http://yourapp.net/uploads/shell.php`[...]
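
An added example, not taken from the wiki article: an nginx `server` block in which only `/index.php` is passed to PHP, with the permissive `location ~ \.php$` handler that would run an uploaded script kept as a comment for comparison. The document root and the PHP-FPM socket path are assumed values.

```nginx
server {
    listen 80;
    server_name yourapp.net;
    root /var/www/yourapp/web;          # assumed document root
    index index.php;

    # Static files are served directly; everything else falls through
    # to the front controller.
    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    # Permissive variant (shown for comparison, do not enable):
    # every *.php file under the root is handed to the interpreter,
    # so a script that lands in /uploads would be executed on request.
    #
    # location ~ \.php$ {
    #     include fastcgi_params;
    #     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #     fastcgi_pass unix:/run/php/php-fpm.sock;
    # }

    # Single entry point: the exact-match location wins over the regex
    # below, and SCRIPT_FILENAME is fixed instead of being derived from
    # the request URI.
    location = /index.php {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root/index.php;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path
    }

    # Any other request ending in .php is refused: it is neither executed
    # nor returned as source.
    location ~ \.php$ {
        return 404;
    }
}
```

After reloading with this block, `curl -i http://yourapp.net/uploads/shell.php` should return `404` whether or not such a file exists on disk.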