Re: User question for PHP

On Fri, October 20, 2006 8:24 am, chris smith wrote:
> php running through apache:
>
> <?php
> mkdir('/path/to/dir');
> ?>
>
> Making that in a "shared" location will allow *any* domain to write to
> it, read from it or delete it (forget about possible open_basedir
> restrictions).

If 'nobody' can read/write to be able to do the mkdir() in the first
place, then whether you do the mkdir() or the other user does it is
irrelevant.  They ALREADY have the access to that dir through PHP.

> Running as cgi you don't get that problem.

Maybe, maybe not.

Depends on the chmod and umask settings of the directory and/or your
script.

> I could be completely misunderstanding what suPHP does.

Possibly.

Or simply under-estimating the bad practices in BOTH scenarios which
can lead to disaster.

It's a fork in the road.

Taking either fork involves risks, of a different nature.

Understand the Risks, and how they relate to what YOU are doing.

Taking either fork blindly because somebody told you it's "safer" is
the BAD OPTION.

-- 
Some people have a "gift" link here.
Know what I want?
I want you to buy a CD from some starving artist.
http://cdbaby.com/browse/from/lynch
Yeah, I get a buck. So?

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
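
An added illustration of the chmod/umask point made in the reply above (not code from the thread; the helper names are hypothetical and a POSIX filesystem without default ACLs is assumed). The permissions mkdir() actually yields are the requested mode with the umask bits cleared, and that result decides whether other accounts on a shared host can write to the directory:

```php
<?php
// Added example (not from the thread). Creates scratch dirs under the
// system temp dir and reports which classes of user can write to them.

/** Create $path with $mode under $umask; return the resulting permission bits. */
function mkdir_with_umask(string $path, int $mode, int $umask): int
{
    $old = umask($umask);          // umask is process-wide; restore it afterwards
    try {
        if (!mkdir($path, $mode)) {
            throw new RuntimeException("mkdir failed: $path");
        }
    } finally {
        umask($old);
    }
    clearstatcache(true, $path);
    return fileperms($path) & 0777;
}

/** Describe who besides the owner can write to a directory with these bits. */
function write_exposure(int $perms): string
{
    if ($perms & 0002) return 'world-writable';
    if ($perms & 0020) return 'group-writable';
    return 'owner-only write';
}

$base = sys_get_temp_dir() . '/umask-demo-' . getmypid();
mkdir($base, 0700);

// Constructed cases: [requested mode, umask]
$cases = [
    [0777, 0000],   // mkdir() default mode with a cleared umask
    [0777, 0022],   // mkdir() default mode with a common umask
    [0777, 0077],   // restrictive umask
    [0700, 0000],   // explicit restrictive mode; this umask removes nothing
];

foreach ($cases as $i => [$mode, $umask]) {
    $dir = "$base/d$i";
    $perms = mkdir_with_umask($dir, $mode, $umask);
    printf("mode %04o umask %04o -> %04o (%s)\n", $mode, $umask, $perms, write_exposure($perms));
    rmdir($dir);
}
rmdir($base);
```

Run it once as the shared web-server user and once as a per-site user to compare which account ends up owning the directory in each setup.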

