Thanx Johannes,
how about making the webserver the owner of the files? Would that be a good idea?
The problem is that I have a framework deployed at several clients. Because this are some big clients and demand high security they won't give me a login to their ftp or consoles.
Understandable, but everytime there's an update I need to mail the files and they have to install it. Imagine how much time that costs when there's a problem after the update and they need files again. Very annoying.
I consider myself a good php scripter and I will be able to make my scripts secure, so I need a good reason not to build in the auto-updater. I can tell the server is a dedicated server for my project, only has a webserver running (apache).
Argue with me :)
grt, Evert
Johannes Findeisen wrote:
Hello,
It is generally not a good idea to make scripts to everybody writeable. I think that if you're implementing auto-update features in PHP scripts they only could be insecure. Okay, you have one more feature but what if this feature goes out of control? Be really carefull when writing such applications. Maybe there are nice and secure solutions which maybe work but you really should set a focus on security.
More info: http://www.php.net/manual/en/function.chmod.php
Regards
hanez
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
