JOB: LAMP Artisan

Michael Torrie torriem at gmail.com
Wed Feb 26 07:59:17 MST 2014


On 02/26/2014 02:30 AM, Dan Egli wrote:
>> Some configurations of PHP and/or Apache make it possible to view the
>> source of a PHP file from over the web, including the aforementioned
>> global configuration file.
>
> Well, that would be a problem, yes. But that's due to poor configuration in
> the apache config file, not due to any problems in the PHP language. The
> same misconfiguration can result in dumping Perl, Python, Ruby, etc....
> 

Actually, this is not really possible with Python, Ruby, or Java, since
the code generating the page is never accessible to the web server.
It's outside the webroot. The only interface to it is the callable
interface (the API).

CGI is another story, of course, but normally CGI scripts also live in
their own directory, outside the webroot.




More information about the PLUG mailing list