はてなブックマーク

Hi! A friend of mine ran into known (though not well -known) security issues with Apache's AddHandler directive. Basically, Apache configuration like applies to a file called evilupload.php.png, too. Yes. Looking at the current Apache documentation, it should clearly say that AddHandler should not be used any more for security reasons. That's what I would expect. What I find as of 2015-02-15 looks