[php-maint] Bug#687418: Updating php5 to 5.4.4-5 broke FastCGI setup on my machine
Matthias Urlichs
matthias at urlichs.de
Mon Sep 17 22:00:17 UTC 2012
Hi,
Christoph Anton Mitterer:
> 1) So you have both, php5-cgi AND libapache2-mod-fcgid installed, right?
fastcgi, but yes.
> 2) Then what happens is, the Handler from php5_cgi.conf overrides the
> way (whatever you did) to get .php files interpreted, right?
Right.
> 3) Obviously, .php files are then neither interpreted by "normal" CGI,
> as Action directives are missing (and perhaps ScriptAlias and other
> things), right?
>
Right.
> Big problem though is, are the files then served as normal files by
> Apache?
Yes. The file gets served as-is, with a mimetype of
application/x-whatever-php.
If there's a database password / server secret in there,
$WORLD now knows it.
In an ideal world, your server cannot serve the include file
which has the actual secret sauce that's used by index.php.
Most people choose not to live in an ideal world. ;-)
--
-- Matthias Urlichs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-php-maint/attachments/20120918/7f179e5e/attachment-0002.pgp>
More information about the pkg-php-maint
mailing list