> I suspect that the permissions default rw-rw-rw as they do because
> usually there is some sort of web server, apache, IIS, etc that should
> be used to render the files, and often that web server isn't running
> in the same process or user as mongrel/rails. I think this is
> sensible, but when data is sensitive and you have more than one user
> for the server you don't want to give the world read permissions to
> the apache, the world, etc. Maybe a lot of developers don't want to
> think about users and permissions, but for security standards and
> awareness I think that this should be at least mentioned in the
> configuration.... especially on a shared hosting account, world
> writable, scary!

There's nothing much about file permissions in rails itself. Generally you can solve most of this stuff with things like sticky permissions on directories or calling umask / chmod yourself on the files. Another option is to use Tempfile which defaults to 0600.

If you're using a plugin for your upload management, perhaps contact the authors and ask if there's an option for permissions.

--
Cheers
Koz
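
The Tempfile and chmod options mentioned in the reply, as an added example that is not part of the original thread or of Rails: the upload is written through a Tempfile (created 0600), given an explicit mode, and renamed into place, and a small audit lists files that are still world-accessible. The names `store_upload` and `world_accessible` and the sample file names are hypothetical.

```ruby
require "tempfile"
require "tmpdir"

# Hypothetical helper: store upload data as dir/name with an explicit mode
# that does not depend on the process umask.
def store_upload(data, dir, name, mode: 0o600)
  # Accept a bare file name only: no path separators, not "", "." or "..".
  unless name == File.basename(name) && name !~ /\A\.*\z/
    raise ArgumentError, "unsafe upload name: #{name.inspect}"
  end
  # Tempfile creates the file 0600, so the data is never world-readable, even
  # briefly. Creating it inside dir keeps the final rename on one filesystem.
  tmp = Tempfile.new(["upload", ".part"], dir)
  begin
    tmp.binmode
    tmp.write(data)
    tmp.close
    File.chmod(mode, tmp.path)   # chmod sets the mode exactly; umask is ignored
    final = File.join(dir, name)
    File.rename(tmp.path, final) # atomic replace
    final
  ensure
    tmp.close!                   # removes the .part file if anything failed
  end
end

# Hypothetical audit: regular files in dir that "other" can read or write.
def world_accessible(dir)
  Dir.children(dir).select do |entry|
    st = File.lstat(File.join(dir, entry))
    st.file? && (st.mode & 0o006) != 0
  end.sort
end

if $PROGRAM_NAME == __FILE__
  Dir.mktmpdir do |dir|
    old = File.umask(0)   # constructed worst case: nothing masked off
    begin
      File.write(File.join(dir, "naive.txt"), "constructed sample")
      store_upload("constructed sample", dir, "report.txt")
      puts "world-accessible: #{world_accessible(dir).inspect}"
    ensure
      File.umask(old)
    end
  end
end
```

If the web server runs as a different user in a shared group, passing `mode: 0o640` keeps the file readable to that group without opening it to every account on the host.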
