
It sounds scarier than saying: "If you use PHP, remember to set the following in your .ini"

    cgi.fix_pathinfo = 0
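
A way to check which value actually takes effect, as an added example that is not part of the original comment: it reads the text of a php.ini and reports the effective `cgi.fix_pathinfo`, including the case where the line is missing or commented out and PHP's built-in default of 1 applies. The function name and sample inputs are constructed for illustration, and it assumes a single ini file with no per-directory or per-host sections.

```python
import re

# Spellings PHP's ini parser treats as boolean false; an empty value also counts.
FALSY = {"0", "off", "false", "no", "none", ""}
DIRECTIVE = re.compile(r"^\s*cgi\.fix_pathinfo\s*=\s*(.*?)\s*(?:;.*)?$", re.IGNORECASE)

def audit_fix_pathinfo(ini_text):
    """Return (enabled, reason) for the effective cgi.fix_pathinfo setting."""
    value, lineno = None, None
    for n, line in enumerate(ini_text.splitlines(), 1):
        if line.lstrip().startswith(";"):
            continue  # a commented-out directive has no effect
        m = DIRECTIVE.match(line)
        if m:
            # Assumption: a later assignment in the same file overrides an earlier one.
            value, lineno = m.group(1).strip("\"'"), n
    if value is None:
        return True, "not set; built-in default of 1 applies"
    if value.lower() in FALSY:
        return False, f"disabled on line {lineno}"
    return True, f"enabled on line {lineno} (value {value!r})"

# Constructed sample inputs, not taken from any real server.
SAMPLES = {
    "commented out": "[PHP]\n;cgi.fix_pathinfo=0\n",
    "hardened": "[PHP]\ncgi.fix_pathinfo = 0\n",
    "overridden later": "cgi.fix_pathinfo=0\nmemory_limit=128M\ncgi.fix_pathinfo=1\n",
    "keyword with comment": "cgi.fix_pathinfo = Off ; set by ops\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        enabled, reason = audit_fix_pathinfo(text)
        print(f"{name:22} {'REVIEW' if enabled else 'ok':7} {reason}")
```
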


So not zero day and not an exploit. A terrible idea for a feature though, PHP seems to be rich with those.


Not really a terrible idea at all. They are simply conforming to the CGI specification. In realizing the potential security issues associated with doing so, they offer a way to disable that behavior.



