if you use the apache addhandler command for things like php, perl, python, etc it can create a huge hole if you allow uploads into your web space (images for example). the unbelievable behavior is that addhandler (and other friends from mod_mime) look for the extension anywhere in the filename, not just the end. so foo.php.jpg will be run as php if addhandler is used for .php (which is the default for redhat 5 systems).
a workaround is to use: <FilesMatch \.php$> SetHandler php5-script ForceType text/html </FilesMatch> instead. wow, this is just scary... _______________________________________________ PLUG mailing list PLUG@lists.pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug