On Mon, 2003-11-10 at 00:34, Chris Shiflett wrote:
> --- Robert Cummings <[EMAIL PROTECTED]> wrote:
> > I did mention database as one of the solutions. The question wasn't
> > about security so I didn't elaborate.
>
> I have done this same thing in the past, because I tend to answer the
> question asked and nothing more.
>
> However, recently I have begun trying to not give suggestions or examples
> that will create a security vulnerability, as well as warning about them
> in the examples provided.
>
> This is based on my belief that people don't always know what questions
> they should be asking, combined with my belief that they likely use the
> examples or suggestions we provide exactly as stated. As such, I think it
> is our responsibility to educate.
>
> I'm not sure if anyone agrees with me, but this is my philosophy.

All good points; I'd just like to point out though that the file system is a viable method, though it does require the directories be set up with proper ownerships and permissions. That said, yeah the /tmp directory probably wasn't the best choice for the example :)

Cheers,
Rob.