On 13-sep-2007, at 1:16, Ben Munat wrote: > I'm curious if there is some reason why the rails command creates > the log files > as world-writable. This doesn't seem very security conscious.
Your issue is solved, but nevertheless I would like to chime in. AFAIK Rails consciously avoids being paranoid about most of the permissions (also having a user in the db that can modify tables). In the long run being too paranoid causes more grief than convenience. If you need stuff to be locked tight modify your deployment scripts accordingly :-) Or you can indeed make your own Logger (which seems the easiest to me). -- Julian 'Julik' Tarkhanov please send all personal mail to me at julik.nl --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Ruby on Rails: Core" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/rubyonrails-core?hl=en -~----------~----~----~----~------~----~------~--~---
