On 6/26/07, Crayon Shin Chan <[EMAIL PROTECTED]> wrote:
On Wednesday 27 June 2007 03:53, Daniel Brown wrote:
> On 6/26/07, Al Rider <[EMAIL PROTECTED]> wrote:
> > I think most systems have a /tmp directory above the web dir, so
> > outsiders can't watch it anyhow.
>
> True, but on an unsecured box, this becomes possible, as Apache
> will most likely be running universally as `nobody`, `httpd`,
> `apache`, or `daemon` for all scripts, including all web-based scripts
> writing to the /tmp directory. This includes session information,
> temporary .php files (as Marius requested), et cetera.
How is this different from:
"put them in a specific directory that only the web server has access to
read, write, and execute"
--
Crayon
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
There were more posts that someone hadn't sent to the list,
whereas I replied to the list. I didn't pay attention to see if the
posts were included or not.
--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
