Kornel Lesinski wrote:
On Thu, 08 May 2008 02:43:45 +0100, Brice Burgess <[EMAIL PROTECTED]> wrote:

Having users set proper permissions on a "working" directory crosses eyes... let alone the introduces the possibility of a security risk as "777" is the lowest common denominator here!

0700 is the lowest, if you make this directory owned by web server process.

My apologies for being vague. I meant 777 as the "lowest common denominator" because it's the "easiest". poMMo is open source software that is meant to be simple to install. The vast majority of users don't know what an "owner" is, let alone the user in which the webserver runs under.

Also, the software (kind of) supports IIS, so I don't like to rely on .htaccess files to accomplish anything.


From the responses received thus far; it looks like PHPTAL does depend on a user-configured writable directory to compile its templates to?

Is it possible to store compilations in a MySQL table -- and get rid of the directory dependence?

Many thanks,

~ Brice

PHPTAL mailing list

Reply via email to