No, you're right..
Permissions for that file could probably be tighter,
but it's better not to rely on file system permissions only.
bvr.
>> And also...
>> How do I go about securing PHP functions. For example, at the moment Joe
>> can upload a PHP script that deletes /etc/named.conf. NOT GOOD!
>>
>Surely this is a general security issue? If an ordinary user is allowed
>to delete /etc/named.conf (whether by PHP, Perl or a command line "rm
>/etc/named.conf") then the permissions are not right (only root normally
>having write permission). Joe may be able to run a script that _tries_
>to delete /etc/named.conf but the permissions should not allow it.
>
>Or am I missing something?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php