|
|
|
|
|
|
by PuffinBlue
3510 days ago
|
|
|
> If the included file is writable by the PHP user then I would say that poses a reasonably high security risk It wouldn't be, just writable by the ordinary user. That pretty much negates the rest of what you said except for... > Of course an attacker would need the ability to manipulate local files as the PHP user, but that isn't much of a stretch. If that's happening you've got far worse things going on than having a nginx.conf file around. |
|
|