[Social-discuss] Security improvement for NginX (and bug tracker registr


From: Ivan Vilata i Balaguer
Subject: [Social-discuss] Security improvement for NginX (and bug tracker registration)
Date: Mon, 5 Oct 2015 13:18:23 +0200
User-agent: Mutt/1.5.24 (2015-08-30)

Hi everyone,

I'm attaching a small patch to the sample NginX configuration file to
strengthen it a little bit against PHP files uploaded to
application-writable directories, to avoid e.g. a user attaching a PHP
file which could be run with installation user permissions.  Maybe GNU
social already has some built-in checks for this, I don't know.

I tried to open a bug/feature request for this in the
[Phabricator](https://bugz.foocorp.net/), but registration address
validation emails seem to not be sent (I've tried several times on
different days, checked the spam folder and the receiving server mail
logs, but no trace).

Cheers,
-- 
Ivan Vilata i Balaguer -- https://elvil.net/

Attachment: serve-uploaded-php.diff
Description: Text Data
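
A sketch of the kind of hardening the message describes, as an added example: it is not the attached serve-uploaded-php.diff (whose contents are not shown on this page) and not GNU social's own sample configuration. The `/uploads/` directory, server name, document root and PHP-FPM socket path are placeholders to be replaced with the installation's real values.

```nginx
# Added example. All paths and names below are placeholders.
server {
    listen 80;
    server_name social.example.org;   # placeholder
    root /var/www/app;                # placeholder
    index index.php;

    # BEFORE (weak): with only the generic PHP block further down, a request
    # for /uploads/attachment.php matches \.php$ and is handed to PHP-FPM,
    # which runs it with the installation user's permissions.

    # AFTER (hardened): an application-writable directory is served as
    # static files only. When a ^~ prefix location is the longest prefix
    # match, nginx does not evaluate regex locations, so the \.php$ block
    # is never selected for anything under /uploads/.
    # Repeat this block for every directory the application can write to.
    # Caveat: a longer plain-prefix location nested under the same path
    # (without ^~) would make regex matching apply again for its URIs.
    location ^~ /uploads/ {
        # Files with no known MIME type (including .php) are offered as
        # downloads instead of being rendered or interpreted.
        default_type application/octet-stream;
        add_header X-Content-Type-Options nosniff;
        try_files $uri =404;
    }

    # Front controller for the application's own routes.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    # Generic PHP handler, reachable only outside the directories above.
    location ~ \.php$ {
        try_files $uri =404;   # only pass scripts that exist on disk
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # placeholder
    }
}
```

Running `nginx -t` after the change checks the syntax before reloading; requesting a harmless test `.php` file placed in the writable directory should return its source as a download rather than its output.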
