My server is (from what I understand) configured to only run PHP -- I would double check on a live machine.
WHat are the dangers in allowing uploading of arbitrary files? If my LAMP setup does not have Ruby or other scripting languages installed and I disabled PHP from executing in the directories where uploads are allowed would this suffice?
Code: Select all
<Directory /var/www/app/public/uploads/>
php_admin_flag engine off
</Directory>