On Fri, October 20, 2006 12:49 am, Chris wrote: > A shared user (like "www" or "nobody") is a *much* bigger risk than > separate users. *MUST* we go through all the permutations of "What if..." for these two scenarios again? The Risk cannot be evaluated outside the context of everything else you do after that. The Risk from your fellow users is reduced when you own the files. The Risks of a malicious file being uploaded/written/included having more power than it should is increased when you own the files. Which Risk is bigger depends on what you use the server and PHP to *do* and how you do those things. What if Notre Dame plays in the Rose Bowl?... :-) [Note to non-sports-non-ND-people. It's a stupid question, as ND is not eligible, but generates endless mindless arguments for reasons beyond my ken.] -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
