On Wed, Sep 12, 2007 at 01:16:31PM -1000, Ben Munat wrote:
> I'm curious if there is some reason why the rails command creates the log
> files
> as world-writable. This doesn't seem very security conscious.
>
> I know I can have capistrano or puppet change the file mode on those, but
> that's
> an extra step... and one that most people probably don't do.
>
> So, what say ye? Was this intentional?
Considering that various other parts of Rails recommend 0666 perms on log
files, I'd say it was definitely deliberate. Ill-advised, definitely, but
deliberate.
- Matt
--
"You could wire up a dead rat to a DIMM socket and the PC BIOS memory test
would pass it just fine."
-- Ethan Benson
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "Ruby
on Rails: Core" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/rubyonrails-core?hl=en
-~----------~----~----~----~------~----~------~--~---
