PHP Security

Dangerous Apache default configuration for PHP suffixes

I have just become aware of the following blog entry, which did make me stop and think:

[...] The non-obvious problem with the above is that it will allow not only "file.php" to be treated as PHP scripts, but also "file.php.txt", which means that any file containing ".php" in its name, no matter where in the filename, would be treated as a PHP script. [...]
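
As an added example (not part of the quoted blog entry), the following audit script lists files that would be treated as PHP under the match-anywhere behaviour described in the quote, but not under a match on the final extension only. The function names, the sample paths and the assumption that only `.php` is mapped to PHP are constructed for illustration.

```python
from pathlib import PurePosixPath

# Assumption: only the suffix "php" is mapped to the PHP handler on the server.
PHP_SUFFIXES = frozenset({"php"})


def extensions(filename):
    """Return the dot-separated extensions of the basename, lower-cased.

    The part before the first dot is the name itself, not an extension,
    so "php.txt" yields ["txt"] and "file.php.txt" yields ["php", "txt"].
    """
    name = PurePosixPath(filename).name
    return [part.lower() for part in name.split(".")[1:]]


def classify(filename, suffixes=PHP_SUFFIXES):
    """Classify a file name as 'php', 'hidden-php' or 'static'.

    'php'        : the final extension is a PHP suffix (intended scripts).
    'hidden-php' : a PHP suffix appears, but not as the final extension;
                   this is the case the quoted passage warns about.
    'static'     : no PHP suffix among the extensions.
    """
    exts = extensions(filename)
    if exts and exts[-1] in suffixes:
        return "php"
    if any(ext in suffixes for ext in exts[:-1]):
        return "hidden-php"
    return "static"


def audit(filenames, suffixes=PHP_SUFFIXES):
    """Return the names that only a match-anywhere suffix rule treats as PHP."""
    return [f for f in filenames if classify(f, suffixes) == "hidden-php"]


# Constructed sample listing, e.g. from a web root that accepts uploads.
SAMPLE = [
    "index.php", "uploads/avatar.php.jpg", "uploads/file.php.txt",
    "uploads/report.pdf", "uploads/php.txt", "uploads/IMG.PHP.png",
    "docs/source.phps",
]

if __name__ == "__main__":
    for path in audit(SAMPLE):
        print("review:", path)
```
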