[phpa] security: phpa files created world-readable

• From: John Madden <weez@xxxxxxxxxxxxx>
• To: <phpa@xxxxxxxxxxxxx>
• Date: Thu, 29 Nov 2001 16:46:46 -0500 (EST)

By default, phpa's cache is stored in /tmp, a generally-world-readable
location, using the server user's default umask, which is often 022.

Since these cache files can contain information related to a web
application (authentication, authorization, session information, etc.) or
personal information (I'm using phpa for squirrelmail, for example), this
seems to be something of a security or privacy risk.

Thanks,
  John



------------------------------------------------------------------------
  www.php-accelerator.co.uk           Home of the free PHP Accelerator

To post, send email to phpa@xxxxxxxxxxxxx
To unsubscribe, email phpa-request@xxxxxxxxxxxxx with subject unsubscribe

Other related posts:

• » [phpa] security: phpa files created world-readable
• » [phpa] Re: security: phpa files created world-readable
• » [phpa] Re: security: phpa files created world-readable
• » [phpa] Re: security: phpa files created world-readable

1. Home
2. phpa
3. Archive
4. 11-2001

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---