[phpa] Re: security: phpa files created world-readable

On Sun, Dec 02, 2001 at 11:54:34AM -0500, John Madden wrote:
> 
> > Hi John and thanks for this thought. You are correct, but the
> > documentation clearly indicates how the cache directory can be changed
> > from ini files or Apache config/access files. The default is one that
> > should always work. Users are encouraged to read the documentation and
> > take advantage of the features to ensure greater security and
> > customisation as appropriate to their own needs.
> 
> Well the default location of /tmp isn't a problem (and I wasn't planning 
> on changing away from that), but the default world-read bit is what I take 
> issue with.  Regardless of where the user puts the files, they shouldn't 
> be world-readable, so that point is moot.  A simple chmod() after your 
> current open() would take care of the problem.  

Ok, fair point. Setting the umask and/or just using different file modes
is probably what I'd do for this. I'll have a look at what I'm doing and 
can change it. Really they only need be readable by the user but I could 
add an ini entry to specify the mode similar to shm_perms as that might be
useful in some cases.

Thanks for the suggestion!

------------------------------------------------------------------------
  www.php-accelerator.co.uk           Home of the free PHP Accelerator
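
The two fixes discussed in this thread, shown side by side as an added example (this is not PHP Accelerator's own code): a file created with mode 0666 and left to the umask, against one created owner-only at open() time so it is never world-readable, with fchmod() on the descriptor instead of a later chmod() on the path. The function names, the /tmp/cache_demo_ directory and the file name are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L   /* for mkdtemp() and fchmod() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a cache file only its owner can read or write; returns fd or -1.
 * The mode is set at creation and O_EXCL refuses an existing file or symlink. */
int create_private_cache_file(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
    if (fd < 0) return -1;
    /* umask can only clear bits; fchmod on the fd pins the mode to exactly 0600. */
    if (fchmod(fd, S_IRUSR | S_IWUSR) != 0) {
        close(fd);
        unlink(path);
        return -1;
    }
    return fd;
}

/* Create a file under `mask` in a fresh private directory and return its
 * permission bits. private_mode == 0 mimics a 0666 create left to the umask. */
int resulting_mode(int private_mode, mode_t mask)
{
    char dir[] = "/tmp/cache_demo_XXXXXX";   /* constructed demo location */
    char path[64];
    struct stat st;
    int mode = -1;
    if (mkdtemp(dir) == NULL) return -1;
    snprintf(path, sizeof path, "%s/entry.cache", dir);
    mode_t old = umask(mask);
    int fd = private_mode ? create_private_cache_file(path)
                          : open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
    umask(old);
    if (fd >= 0 && fstat(fd, &st) == 0)
        mode = (int)(st.st_mode & 07777);
    if (fd >= 0) close(fd);
    unlink(path);
    rmdir(dir);
    return mode;
}

int main(void)
{
    printf("0666 create, umask 022:    %04o\n", resulting_mode(0, 022));
    printf("private create, umask 022: %04o\n", resulting_mode(1, 022));
    return 0;
}
```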
