[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Social-discuss] Security improvement for NginX (and bug tracker registr

From: Ivan Vilata i Balaguer
Subject: [Social-discuss] Security improvement for NginX (and bug tracker registration)
Date: Mon, 5 Oct 2015 13:18:23 +0200
User-agent: Mutt/1.5.24 (2015-08-30)

Hi everyone,

I'm attaching a small patch to the sample NginX configuration file to
strengthen it a little bit against PHP files uploaded to
application-writable directories, to avoid e.g. a user attaching a PHP
file which could be run with installation user permissions.  Maybe GNU
social already has some built-in checks for this, I don't know.

I tried to open a bug/feature request for this in the
[Phabricator](, but registration address
validation emails seem to not be sent (I've tried several times on
different days, checked the spam folder and the receiving server mail
logs, but no trace).

Ivan Vilata i Balaguer --

Attachment: serve-uploaded-php.diff
Description: Text Data

reply via email to

[Prev in Thread] Current Thread [Next in Thread]