On 6/26/07, Crayon Shin Chan <[EMAIL PROTECTED]> wrote:
On Wednesday 27 June 2007 03:53, Daniel Brown wrote:
> On 6/26/07, Al Rider <[EMAIL PROTECTED]> wrote:
> > I think most systems have a /tmp directory above the web dir, so
> > outsiders can't watch it anyhow.
>
>     True, but on an unsecured box, this becomes possible, as Apache
> will most likely be running universally as `nobody`, `httpd`,
> `apache`, or `daemon` for all scripts, including all web-based scripts
> writing to the /tmp directory.  This includes session information,
> temporary .php files (as Marius requested), et cetera.

How is this different from:

"put them in a specific directory that only the web server has access to
read, write, and execute"

--
Crayon

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



   There were more posts that someone hadn't sent to the list,
whereas I replied to the list.  I didn't pay attention to see if the
posts were included or not.

--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to