M0UNTAIN 0F C0DE

I was recently involved in setting up a complex load-balanced, auto-scaling multi-server setup, and to make life easy I wanted to set a header that contained the server's hostname so it was clear which server behind the load balancer satisfied each request.

I thought this would be easy... Not so much! But I managed it and here's how...

A lot of PHP applications that I've worked on that allow file uploads place the files into a directory that is publicly accessible; this isn't a problem so long as your upload script never ever allows scripts to be uploaded.

It doesn't matter how good you think your MIME type or extension filtering is; why allow the PHP interpreter near the files you never expect to be interpreted?