Hi, Christoph Anton Mitterer:
> 1) So you have both, php5-cgi AND libapache2-mod-fcgid installed, right? fastcgi, but yes. > 2) Then what happens is, the Handler from php5_cgi.conf overrides the > way (whatever you did) to get .php files interpreted, right? Right. > 3) Obviously, .php files are then neither interpreted by "normal" CGI, > as Action directives are missing (and perhaps ScriptAlias and other > things), right? > Right. > Big problem though is, are the files then served as normal files by > Apache? Yes. The file gets served as-is, with a mimetype of application/x-whatever-php. If there's a database password / server secret in there, $WORLD now knows it. In an ideal world, your server cannot serve the include file which has the actual secret sauce that's used by index.php. Most people choose not to live in an ideal world. ;-) -- -- Matthias Urlichs
signature.asc
Description: Digital signature