On Friday, June 28, 2002, at 06:14  PM, Lazor, Ed wrote:

> The hosting provider could probably implement a solution...  Alter the 
> FTP
> configuration to automatically set the group permission to that of the 
> web
> server when you transfer files.  You wouldn't need to be in the group.
> You're the owner and can modify your own files.  World Read access 
> would be
> unnecessary.

Someone pointed out last week that a maleficant can write a script that 
reads other files' data [and does something evil with that], since it 
will be executed as the web server user and the web server user can read 
all those files.

Erik




----

Erik Price
Web Developer Temp
Media Lab, H.H. Brown
[EMAIL PROTECTED]


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to