Hacker News new | ask | show | jobs
by nbpoole 5548 days ago
If you do that, you have to be very careful. I actually did a writeup about this a few days ago that I posted on HN: https://nealpoole.com/blog/2011/04/setting-up-php-fastcgi-an...

tl:dr is that the configuration you're suggesting will leave a site open to arbitrary code execution if the site allows for user uploads.
1 comments
justincormack 5548 days ago
Thats not a full config, I did reference the documentation. I have a try_files line, as fcgi runs locally as it happens.
link