Robert Cummings wrote:

> Personally, I prefer having my code outside the DocumentRoot
> also, but I do not believe it is the simplest solution, and I do not
> think it is "wrong" to place such information within the DocumentRoot.
> The feature exists, application developers have chosen to use the
> feature, it may be less secure, but it is not wrong. 

Are we just discussing semantics then?  I agree it's not wrong as such,
but right and wrong are usually determined by the environment one is in
and in a security-aware environment (such as I know them), letting the
webserver write to the DocumentRoot would be wrong. Elsewhere it is
perhaps at worst ill-advised. 


Per Jessen, Zürich (11.5°C)

PHP General Mailing List (
To unsubscribe, visit:

Reply via email to