[nycphp-talk] Htaccess and php user account
Tim Lieberman
tim_lists at o2group.com
Tue Dec 2 00:14:28 EST 2008
On Dec 1, 2008, at 11:38 PM, Michele Waldman wrote:
> Thanks to your soft, delicate input, I've been doing a little more
> research.
>
> I was ps -ef on the Linux server. PHP appears to be configured into the
> server and the process goes down due to misconfiguration, is it not the
> same process handling the htaccess? Does that mean basically all web
> services have stopped on the server and not even htaccess would protect
> it, leaving the entire server vulnerable? Or will htaccess still be
> working?
You're still operating under the impression that something went wrong
with the software.

Nothing went wrong with the software. The software worked exactly as
it was supposed to. The problem was that it was misconfigured.
(Unless there really is some bug in Apache that nobody here has ever
seen/verified). So, Garbage In (Configuration), Garbage (or, your
source files, in this case) Out.

Even that Facebook story ends up saying:

"After looking at every possible angle, I was unable to configure our
Apache build to serve source code even if we wanted to. What we
eventually found was a single server running a standard distribution
build of Apache in our production pool of several thousand web servers.
A lot has been posted online blaming PHP for this, however, the server
that we eventually found was not running PHP."

http://sizzo.org/wp/2007/09/youre-source-code-is-showing

He goes on to suggest the same thing I did in my last message.
> So, if this is a misconfiguration issue, that means if you don't have a
> sys admin, that the programmer needs to learn the configuration and
> ensure it's correct on the server?
If you rely on a server to deploy your applications you should do one
of two things:
1) Know enough about server administration/configuration
2) Pay someone (or some organization) that does.