On 6/26/07, Crayon Shin Chan <crayon.shin.chan.uk@xxxxxxxxx> wrote:
On Wednesday 27 June 2007 03:53, Daniel Brown wrote:
> On 6/26/07, Al Rider <alan@xxxxxxxxxxxxx> wrote:
> > I think most systems have a /tmp directory above the web dir, so
> > outsiders can't watch it anyhow.
>
> True, but on an unsecured box, this becomes possible, as Apache
> will most likely be running universally as `nobody`, `httpd`,
> `apache`, or `daemon` for all scripts, including all web-based scripts
> writing to the /tmp directory. This includes session information,
> temporary .php files (as Marius requested), et cetera.

How is this different from:

"put them in a specific directory that only the web server has access to read, write, and execute"

--
Crayon

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

There were more posts that someone hadn't sent to the list, whereas I replied to the list. I didn't pay attention to see if the posts were included or not.

--
Daniel P. Brown
[office] (570-) 587-7080 Ext. 272
[mobile] (570-) 766-8107