[phpa] Re: security: phpa files created world-readable
- From: John Madden <weez@xxxxxxxxxxxxx>
- To: phpa@xxxxxxxxxxxxx
- Date: Sun, 2 Dec 2001 11:54:34 -0500
> Hi John and thanks for this thought. You are correct, but the
> documentation clearly indicates how the cache directory can be changed
> from ini files or Apache config/access files. The default is one that
> should always work. Users are encouraged to read the documentation and
> take advantage of the features to ensure greater security and
> customisation as appropriate to their own needs.
Well the default location of /tmp isn't a problem (and I wasn't planning
on changing away from that), but the default world-read bit is what I take
issue with. Regardless of where the user puts the files, they shouldn't
be world-readable, so that point is moot. A simple chmod() after your
current open() would take care of the problem.
John
--
# John Madden weez@xxxxxxxxxxxxx ICQ: 2EB9EA
# FreeLists, Free mailing lists for all: http://www.freelists.org
# UNIX Systems Engineer, Ivy Tech State College: http://www.ivy.tec.in.us
# Linux, Apache, Perl and C: All the best things in life are free!
------------------------------------------------------------------------
www.php-accelerator.co.uk Home of the free PHP Accelerator
To post, send email to phpa@xxxxxxxxxxxxx
To unsubscribe, email phpa-request@xxxxxxxxxxxxx with subject unsubscribe
- Follow-Ups:
- [phpa] Re: security: phpa files created world-readable
- From: Nick Lindridge
- References:
- [phpa] Re: security: phpa files created world-readable
- From: Nick Lindridge
Other related posts:
- » [phpa] security: phpa files created world-readable
- » [phpa] Re: security: phpa files created world-readable
- » [phpa] Re: security: phpa files created world-readable
- » [phpa] Re: security: phpa files created world-readable
- [phpa] Re: security: phpa files created world-readable
- From: Nick Lindridge
- [phpa] Re: security: phpa files created world-readable
- From: Nick Lindridge