Robert Cummings wrote: > It's hard to create a helpful application when fort knox is your > delivery location. I'm not saying there's a problem with Fort Knoxes > in the world, but this isn't necessary for everyone. if it were we > wouldn't have banks, we wouldn't have credit unions, we'd all be going > to Fort Knox to make our deposits and withdrawals. One size does NOT > fit all. If you're running with AppArmor or SELinux in 'enforce' mode, we could begin to talk about Fort Knox, but not letting the webserver write to the DocumentRoot is just a pretty sound precaution. It is unfortunate that many popular PHP apps were written/designed to expect that kind of access (at least during initial configuration). >> modules), so one should have a strict policy of never having >> directories or files inside the web root that the web server has >> write permission to. > > Why? You still haven't given a good reason. I am the master of my > environment, if I know what I'm putting into my environment then who > is to tell me my setup is wrong? Rob, for the same reason you make all kinds of other restrictions - you are not necessarily the master of your own environment. I also think I am the master of my mailserver, but I still run a firewall. /Per -- Per Jessen, Zürich (11.5°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
