On Fri, 2012-10-26 at 13:18 +0200, Ondřej Surý wrote:

> + It is also advised that > + you check your custom configuration whether it's not vulnerable to > + foo.php.jpeg attacks. The php5_cgi configuration snippet can be used > + as base - it's important to use FilesMatch or Files directive to > + limit the handling to the last extension.

Can we perhaps explain a bit more what the foo.php.jpeg attack is? The last sentence hints at it already a bit, ... but I guess without a clear explanation people may simply skip it.

> I think it became clear that we are stuck with no solution which would
> work for anyone

Do you agree... that we should work on some hopefully general-everything-works framework for jessie?

Chris.
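
Review bot: The added sentence "check your custom configuration whether it's not vulnerable to foo.php.jpeg attacks" names the attack without defining it or saying what to look for, so a reader with a custom configuration cannot act on it. Add one sentence stating the condition being warned about (going by the closing sentence, a file name in which .php is not the final extension still being handed to PHP), and reword the check as "check that your custom configuration is not vulnerable to". The closing sentence would also be more usable if it said where the php5_cgi snippet is installed and stated outright that the FilesMatch or Files pattern must match only the last extension of the file name.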