Difference between #1 and #2 of
Single PHP entry point with Nginx

Revision #2 has been created by MadAnd on Apr 28, 2015, 1:58:30 PM with the memo:

typo fixes
« previous (#1)

Changes

Title unchanged

Single PHP entry point with Nginx

Category unchanged

How-tos

Yii version unchanged

Tags unchanged

yii, nginx, security, php, front controller

Content changed

[...]
Security
--------

One may ask how this rather subtle configuration change affects security. Here is little example. Imagine you have written and application, which among other things allows users to upload some files.
Now, if you "forgot" to implement strict validation rules, malicious user could potentially
upload (exploiting e.g. some NUL char vulnerability) file `shell.php` into the
server's `uploads` folder.

Now the malicious user opens the URL: `http://yourapp.net/uploads/shell.php`
[...]
4 0
3 followers
Viewed: 17 598 times
Version: all
Category: How-tos
Tags: front controller, nginx, php, security, Yii
Written by: MadAnd
Last updated by: MadAnd
Created on: Apr 27, 2015
Last updated: 8 years ago
Update Article
Revert to #1 | Revert to #2

Revisions

View all history