https://bugs.contribs.org/show_bug.cgi?id=11207
--- Comment #11 from Brian Read <[email protected]> ---
from JP:
no you do not want www user able to mess up with certificates. there was a
dedicated user phpki for this exact reason. you must run dedicated php-pool as
phpki, not leting the whole www user being able to access your private key on
first kiddy script executed
please revert to dedicated user this is a major security issue.
--
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
_______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
