[pmwiki-users] Disallow scripts in upload directories
Petko Yotov
5ko at 5ko.fr
Wed Mar 13 15:19:22 CDT 2013
I'd like to read some opinions from different people about this question -
if you can do some tests on your own servers, please find out what .htaccess
settings disallow script execution for the uploaded files on your wiki, and
report here.
Thanks!
Petko
Oliver Betz writes:
> In addition, I suggest to completely disallow execution of scripts in
> upload directories.
>
> For Apache .htaccess I found:
>
> "Options -ExecCGI" - that's very effective in usual virtual hosting
> environments but doesn't help for languages running as module.
>
> "SetHandler default-handler" works also for script languages running
> as module.
>
> Before I add this information to the PmWiki documentation, I would
> appreciate comments from people with better Apache knowledge.
More information about the pmwiki-users
mailing list