> I suppose the folder could be moved to/from a folder that is not > web-accessible
I think that is the best approach if you are concerned about security. You could have an apache directive forbidding access to "installer1" > but that would only further complicate the situation. If you have an automated way to do it, the complexity is hidden and forgotten. > Here is another interesting possibility: Could the installer chmod > itself 000 after it is finished running? The possibility I thought of was to tar the directory up before removing it. When it comes time to update, untar the file. If the files are tarred up, they can't be executed, only downloaded. Charles Dostale System Admin - Silver Oaks Communications http://www.silveroaks.com/ 824 17th Street, Moline IL 61265 _______________________________________________ List info: http://lists.roundcube.net/dev/
