Per Jessen wrote:
Robert Cummings wrote:
Personally, I prefer having my code outside the DocumentRoot
also, but I do not believe it is the simplest solution, and I do not
think it is "wrong" to place such information within the DocumentRoot.
The feature exists, application developers have chosen to use the
feature, it may be less secure, but it is not wrong.
Are we just discussing semantics then? I agree it's not wrong as such,
but right and wrong are usually determined by the environment one is in
and in a security-aware environment (such as I know them), letting the
webserver write to the DocumentRoot would be wrong. Elsewhere it is
perhaps at worst ill-advised.
I prefer "proceed with caution" :)
Cheers,
Rob.
--
http://www.interjinn.com
Application and Templating Framework for PHP
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php