The biggest issue is security... You have a cache folder with 777
permissions which anyone else on the same host can write to and
execute arbitrary PHP code.

Some shared hosting providers get round this by using chroot jails and
a number of other tricks, but you need to make sure the one you are
using also takes these measures.

Try navigating to /home and seeing if you can list the other home
folders... Then think about guessing /home/somewebsitename/cache/
frontend/.../etc

Also, if the cache folders are not 777 but are owned by the "web" user
(normally www-data or something like that), then are the other users of
the shared system using the same user? I could write a PHP script on
my site which runs as the same user and uses file_put_contents to
throw PHP files into your cache folder (if I can guess the path) since
my script also runs as www-data.

There are a bunch of posts about this stuff, have a look around - best
to find a hosting provider that gives you a virtual server so you are
isolated from the other users, or at least takes measures to protect
you from the kind of issues above (by giving each user their own
Apache user/process for example).

Russ.

On May 29, 9:46 am, comb <sa...@gmx.net> wrote:
> Hi!
>
> Obviously it takes some tweaks to run symfony 1.4 on a shared host, but
> what's wrong with it?
> One can add a .htaccess file to prevent unauthorized access for the
> whole symfony project folder, another one for the web/-directory to
> enable normal access there and then point http://domain.com to the
> web/-dir.
> Why not?
>
> The only thing I can imagine is that the uploads mostly have to be
> done by hand, but that's ok with me since it'll usually be a small
> project if it runs on a shared host.

-- 
If you want to report a vulnerability issue on symfony, please send it to 
security at symfony-project.com

You received this message because you are subscribed to the Google
Groups "symfony users" group.
To post to this group, send email to symfony-users@googlegroups.com
To unsubscribe from this group, send email to
symfony-users+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-users?hl=en
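
An added example, not part of the original thread or of symfony: a shell audit for the 777 case described in the reply above. It lists world-writable directories in a project and checks whether other local accounts can actually traverse to them. The function names and the usage path are hypothetical.

```shell
#!/bin/sh
# Added example: permission audit for the shared-host exposure discussed above.
# Function names and the usage path are assumptions, not part of symfony.

# List directories under $1 that any local user may write to (o+w, e.g. 777).
world_writable_dirs() {
    find "$1" -type d -perm -0002 -print 2>/dev/null | sort
}

# Return 0 if accounts outside the owner and group can traverse to $1:
# every directory from $1 up to $2 (default /) must grant o+x. A home
# directory set to 0700 or 0710 breaks the chain and makes this return 1.
reachable_by_others() {
    p=$1
    top=${2:-/}
    while :; do
        [ -n "$(find "$p" -maxdepth 0 -perm -0001 2>/dev/null)" ] || return 1
        if [ "$p" = "$top" ] || [ "$p" = "/" ]; then
            return 0
        fi
        p=$(dirname "$p")
    done
}

# Report on one project directory.
# Returns 0 = clean, 1 = world-writable but shielded, 2 = exposed.
audit_project() {
    dirs=$(world_writable_dirs "$1")
    if [ -z "$dirs" ]; then
        echo "OK: no world-writable directories under $1"
        return 0
    fi
    echo "World-writable directories:"
    echo "$dirs" | sed 's/^/  /'
    if reachable_by_others "$1"; then
        echo "EXPOSED: other local accounts can reach and write to these"
        return 2
    fi
    echo "WARN: world-writable, but a parent directory blocks other accounts"
    return 1
}

# Usage: sh audit.sh /home/example/project   (absolute path)
if [ -n "${1:-}" ]; then audit_project "$1"; fi
```

These checks cover only the 777 case. A cache directory owned by a web user that every tenant's scripts run as passes them and still has the second problem the reply describes.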
