On Friday, June 28, 2002, at 06:14  PM, Lazor, Ed wrote:

> The hosting provider could probably implement a solution...  Alter the 
> configuration to automatically set the group permission to that of the 
> web
> server when you transfer files.  You wouldn't need to be in the group.
> You're the owner and can modify your own files.  World Read access 
> would be
> unnecessary.

Someone pointed out last week that a maleficant can write a script that 
reads other files' data [and does something evil with that], since it 
will be executed as the web server user and the web server user can read 
all those files.



Erik Price
Web Developer Temp
Media Lab, H.H. Brown

PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to