Free hosting for free people.
TuxFamily is a non-profit organization that provide free services for projects and contents
dealing with the free software philosophy.
Read more
Actividad de la foro
- view=co dans viewvc
- [Résolu] Drupal et module TF
- Gopher, Facebook et la modernité
- A bunch of new releases
- Personaliser le message des listes de diffusion
Proyectos recientes
Obtener ayuda
Archivos
- abril 2012
- marzo 2012
- enero 2012
- octubre 2011
- septiembre 2011
- agosto 2011
- julio 2011
- junio 2011
- mayo 2011
- abril 2011
- marzo 2011
- febrero 2011
- diciembre 2010
- noviembre 2010
- agosto 2010
- julio 2010
- junio 2010
- abril 2010
- marzo 2010
- enero 2010
- octubre 2009
- julio 2009
- junio 2009
- mayo 2009
- abril 2009
- marzo 2009
- enero 2009
- octubre 2008
- septiembre 2008
- agosto 2008
- junio 2008
- mayo 2008
- abril 2008
- marzo 2008
- febrero 2008
- enero 2008
- diciembre 2007
- octubre 2007
- agosto 2007
- julio 2007
- junio 2007
- mayo 2007
- abril 2007
- marzo 2007
- febrero 2007
- enero 2007
- diciembre 2006
- noviembre 2006
- octubre 2006
- septiembre 2006
- julio 2006
- junio 2006
- mayo 2006
- abril 2006
- febrero 2006
- enero 2006
Nuevas
Apache AddHandler moved to AddType due to security considerations
Publicado el domingo 29 marzo 2009
Hi,
Due to security considerations, AddHandler should not be used in apache configuration files. As uncovered by an old thread on the suphp mailing list, this would allow any files containing ".php" to be executed by php (for example example.php.jpg, trust me, this is not what you want ;) ).
As using AddHandler was sadly advised in our FAQ example, most of our hosted people were using it in their .htaccess. To fix this security flaw, we have added full support to AddType, modified our FAQ and run a script to widely and roughly modify all .htaccess files to retroactively fix the problem on TuxFamily.
If you were using a custom .htaccess file containing AddHander/AddType instructions, please check that everything is still working fine as our script may have introduced some side effects.
If you are automatically upgrading your website through rsync or such, please fix your local copy of .htaccess according to the new version of the FAQ.
However, we are not the only one to blame, because the Apache documentation is very unclear on this particular point, as you can see on the addhandler and addtype descriptions.
Your admins
