Allegedly, on or about 09 September 2016, Alex sent: > The reason I was exploring other possibilities is because generally > speaking the apache user shouldn't have write privileges in the > document root. If there was ever an apache compromise leading to a > shell, it would put in jeopardy the entire website. I'd like to avoid > that. The barely improved solution is to not let it write to the document root, but only to a sub-directory. I would have thought, though, that the way to do this is to not allow any writes to anything in the document root, but for your publishing scripts to write to its own (separate) database, in a rigidly controlled manner (by the authoring software), and for the webserver to read from it. -- [tim@localhost ~]$ uname -rsvp Linux 3.9.10-100.fc17.x86_64 #1 SMP Sun Jul 14 01:31:27 UTC 2013 x86_64 Boilerplate: All mail to my mailbox is automatically deleted, there is no point trying to privately email me, I only get to see the messages posted to the mailing list. If you don't understand how e-mail threading works, then follow the instructions given by those who do, and don't argue with them. -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
