Per Jessen wrote:
Robert Cummings wrote:
It's hard to create a helpful application when fort knox is your
delivery location. I'm not saying there's a problem with Fort Knoxes
in the world, but this isn't necessary for everyone. if it were we
wouldn't have banks, we wouldn't have credit unions, we'd all be going
to Fort Knox to make our deposits and withdrawals. One size does NOT
If you're running with AppArmor or SELinux in 'enforce' mode, we could
begin to talk about Fort Knox, but not letting the webserver write to
the DocumentRoot is just a pretty sound precaution. It is unfortunate
that many popular PHP apps were written/designed to expect that kind of
access (at least during initial configuration).
modules), so one should have a strict policy of never having
directories or files inside the web root that the web server has
write permission to.
Why? You still haven't given a good reason. I am the master of my
environment, if I know what I'm putting into my environment then who
is to tell me my setup is wrong?
Rob, for the same reason you make all kinds of other restrictions - you
are not necessarily the master of your own environment. I also think I
am the master of my mailserver, but I still run a firewall.
You run a firewall BECAUSE you are the master of your environment.
Similarly, I choose a host that has or has not restrictions BECAUSE I am
the master of my environment. Mastery includes what you choose for
yourself. Personally, I prefer having my code outside the DocumentRoot
also, but I do not believe it is the simplest solution, and I do not
think it is "wrong" to place such information within the DocumentRoot.
The feature exists, application developers have chosen to use the
feature, it may be less secure, but it is not wrong. Not using AppArmor
is less secure, but it is not wrong. It is one thing for Michael to
argue that it is less secure, but he did not, he claimed the
DocumentRoot should be read only and otherwise is wrong. This
fundamentally changes the nature of the debate. Your argument is
perfectly valid "less secure", perhaps, but wrong? Should never be done?
Sorry, I'm not swallowing the medicine.
Application and Templating Framework for PHP
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php