[phpa] Re: security: phpa files created world-readable

  • From: Nick Lindridge <nick@xxxxxxxxxxxxxxxxx>
  • To: phpa@xxxxxxxxxxxxx
  • Date: Sun, 2 Dec 2001 12:25:11 +0000

On Thu, Nov 29, 2001 at 04:46:46PM -0500, John Madden wrote:
> By default, phpa's cache is stored in /tmp, a generally-world-readable
> location, using the server user's default umask, which is often 022.
> Since these cache files can contain information related to a web
> application (authentication, authorization, session information, etc.) or
> personal information (I'm using phpa for squirrelmail, for example), this
> seems to be something of a security or privacy risk.

Hi John and thanks for this thought. You are correct, but the documentation
clearly indicates how the cache directory can be changed from ini files or
Apache config/access files. The default is one that should always work. 
Users are encouraged to read the documentation and take advantage of the
features to ensure greater security and customisation as appropriate to
their own needs.

Perhaps adding something to the small FAQ would be a good idea though to
point out what you say and how it can be overcome.


  www.php-accelerator.co.uk           Home of the free PHP Accelerator

To post, send email to phpa@xxxxxxxxxxxxx
To unsubscribe, email phpa-request@xxxxxxxxxxxxx with subject unsubscribe

Other related posts: